From 4fc2f55f761d71aae1f145d5aa94ba929cc39676 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 28 Apr 2024 11:34:30 +0200 Subject: Adding upstream version 1.7.3. Signed-off-by: Daniel Baumann --- COPYING | 339 + DNSDIST-MIB.txt | 743 + Makefile.am | 543 + Makefile.in | 2500 ++ README | 29 + README.md | 29 + aclocal.m4 | 1804 ++ ascii.hh | 41 + base64.hh | 26 + bpf-filter.cc | 757 + bpf-filter.ebpf.src | 503 + bpf-filter.hh | 124 + bpf-filter.main.ebpf | 136 + bpf-filter.qname.ebpf | 4095 +++ builder-support/gen-version | 77 + cachecleaner.hh | 262 + capabilities.cc | 75 + capabilities.hh | 26 + cdb.cc | 227 + cdb.hh | 70 + circular_buffer.hh | 38 + compile | 348 + config.guess | 1476 + config.h.in | 324 + config.sub | 1801 ++ configure | 27370 +++++++++++++++++++ configure.ac | 242 + connection-management.hh | 66 + credentials.cc | 477 + credentials.hh | 103 + delaypipe.cc | 188 + delaypipe.hh | 85 + depcomp | 791 + devpollmplexer.cc | 216 + dns.cc | 103 + dns.hh | 245 + dnscrypt.cc | 868 + dnscrypt.hh | 302 + dnsdist-backend.cc | 291 + dnsdist-cache.cc | 490 + dnsdist-cache.hh | 145 + dnsdist-carbon.cc | 280 + dnsdist-console.cc | 936 + dnsdist-console.hh | 56 + dnsdist-dnscrypt.cc | 49 + dnsdist-dynblocks.cc | 756 + dnsdist-dynblocks.hh | 437 + dnsdist-dynbpf.cc | 85 + dnsdist-dynbpf.hh | 75 + dnsdist-ecs.cc | 1070 + dnsdist-ecs.hh | 50 + dnsdist-healthchecks.cc | 545 + dnsdist-healthchecks.hh | 33 + dnsdist-idstate.cc | 75 + dnsdist-idstate.hh | 272 + dnsdist-kvs.cc | 285 + dnsdist-kvs.hh | 221 + dnsdist-lbpolicies.cc | 357 + dnsdist-lbpolicies.hh | 114 + dnsdist-lua-actions.cc | 2454 ++ dnsdist-lua-bindings-dnscrypt.cc | 155 + dnsdist-lua-bindings-dnsquestion.cc | 305 + dnsdist-lua-bindings-kvs.cc | 115 + dnsdist-lua-bindings-packetcache.cc | 220 + dnsdist-lua-bindings-protobuf.cc | 168 + dnsdist-lua-bindings.cc | 624 + dnsdist-lua-ffi-interface.h | 125 + dnsdist-lua-ffi-interface.inc | 127 + dnsdist-lua-ffi.cc | 583 + dnsdist-lua-ffi.hh | 110 + dnsdist-lua-inspection-ffi.cc | 106 + dnsdist-lua-inspection-ffi.hh | 45 + dnsdist-lua-inspection.cc | 857 + dnsdist-lua-rules.cc | 621 + dnsdist-lua-vars.cc | 126 + dnsdist-lua-web.cc | 79 + dnsdist-lua.cc | 2860 ++ dnsdist-lua.hh | 109 + dnsdist-nghttp2.cc | 1206 + dnsdist-nghttp2.hh | 75 + dnsdist-prometheus.hh | 72 + dnsdist-protobuf.cc | 186 + dnsdist-protobuf.hh | 93 + dnsdist-protocols.cc | 80 + dnsdist-protocols.hh | 53 + dnsdist-proxy-protocol.cc | 111 + dnsdist-proxy-protocol.hh | 38 + dnsdist-rings.cc | 160 + dnsdist-rings.hh | 229 + dnsdist-rules.cc | 26 + dnsdist-rules.hh | 1312 + dnsdist-secpoll.cc | 246 + dnsdist-secpoll.hh | 27 + dnsdist-session-cache.cc | 90 + dnsdist-session-cache.hh | 80 + dnsdist-snmp.cc | 614 + dnsdist-snmp.hh | 37 + dnsdist-svc.cc | 133 + dnsdist-svc.hh | 66 + dnsdist-systemd.cc | 35 + dnsdist-systemd.hh | 24 + dnsdist-tcp-downstream.cc | 778 + dnsdist-tcp-downstream.hh | 590 + dnsdist-tcp-upstream.hh | 177 + dnsdist-tcp.cc | 1382 + dnsdist-tcp.hh | 282 + dnsdist-web.cc | 1577 ++ dnsdist-web.hh | 17 + dnsdist-xpf.cc | 60 + dnsdist-xpf.hh | 27 + dnsdist.1 | 143 + dnsdist.cc | 2752 ++ dnsdist.hh | 1086 + dnsdist.service.in | 53 + dnsdistconf.lua | 113 + dnslabeltext.cc | 964 + dnslabeltext.rl | 315 + dnsmessage.proto | 183 + dnsname.cc | 493 + dnsname.hh | 533 + dnsparser.cc | 1002 + dnsparser.hh | 569 + dnstap.cc | 92 + dnstap.hh | 45 + dnstap.proto | 330 + dnswriter.cc | 521 + dnswriter.hh | 183 + doh.cc | 1707 ++ doh.hh | 265 + dolog.hh | 173 + ednscookies.cc | 174 + ednscookies.hh | 72 + ednsoptions.cc | 163 + ednsoptions.hh | 56 + ednssubnet.cc | 108 + ednssubnet.hh | 35 + epollmplexer.cc | 240 + ext/ipcrypt/LICENSE | 14 + ext/ipcrypt/Makefile.am | 8 + ext/ipcrypt/Makefile.in | 722 + ext/ipcrypt/ipcrypt.c | 87 + ext/ipcrypt/ipcrypt.h | 24 + ext/json11/json11.cpp | 784 + ext/json11/json11.hpp | 232 + ext/libbpf/libbpf.h | 210 + ext/lmdb-safe/lmdb-safe.cc | 364 + ext/lmdb-safe/lmdb-safe.hh | 610 + ext/luawrapper/include/LuaContext.hpp | 3002 ++ .../include/protozero/basic_pbf_builder.hpp | 266 + .../include/protozero/basic_pbf_writer.hpp | 1054 + ext/protozero/include/protozero/buffer_fixed.hpp | 222 + ext/protozero/include/protozero/buffer_string.hpp | 76 + ext/protozero/include/protozero/buffer_tmpl.hpp | 113 + ext/protozero/include/protozero/buffer_vector.hpp | 76 + ext/protozero/include/protozero/byteswap.hpp | 99 + ext/protozero/include/protozero/config.hpp | 48 + ext/protozero/include/protozero/data_view.hpp | 236 + ext/protozero/include/protozero/exception.hpp | 101 + ext/protozero/include/protozero/iterators.hpp | 481 + ext/protozero/include/protozero/pbf_builder.hpp | 32 + ext/protozero/include/protozero/pbf_message.hpp | 184 + ext/protozero/include/protozero/pbf_reader.hpp | 977 + ext/protozero/include/protozero/pbf_writer.hpp | 76 + ext/protozero/include/protozero/types.hpp | 66 + ext/protozero/include/protozero/varint.hpp | 245 + ext/protozero/include/protozero/version.hpp | 34 + ext/yahttp/LICENSE | 21 + ext/yahttp/Makefile.am | 3 + ext/yahttp/Makefile.in | 740 + ext/yahttp/README.md | 69 + ext/yahttp/yahttp/Makefile.am | 13 + ext/yahttp/yahttp/Makefile.in | 748 + ext/yahttp/yahttp/cookie.hpp | 144 + ext/yahttp/yahttp/exception.hpp | 24 + ext/yahttp/yahttp/reqresp.cpp | 331 + ext/yahttp/yahttp/reqresp.hpp | 351 + ext/yahttp/yahttp/router.cpp | 160 + ext/yahttp/yahttp/router.hpp | 72 + ext/yahttp/yahttp/url.hpp | 200 + ext/yahttp/yahttp/utility.hpp | 462 + ext/yahttp/yahttp/yahttp-config.h | 1 + ext/yahttp/yahttp/yahttp.hpp | 37 + fstrm_logger.cc | 202 + fstrm_logger.hh | 69 + gettime.cc | 52 + gettime.hh | 24 + html/detail.css | 104 + html/graph.css | 177 + html/index.html | 106 + html/js/d3.min.js | 5 + html/js/jquery.min.js | 5 + html/js/moment.min.js | 7 + html/js/rickshaw.min.js | 3 + html/legend.css | 73 + html/lines.css | 21 + html/local.js | 275 + html/powerdns-logo-220px.png | Bin 0 -> 6084 bytes htmlfiles.h | 24743 +++++++++++++++++ incfiles | 26 + install-sh | 518 + ipcipher.cc | 99 + ipcipher.hh | 9 + iputils.cc | 545 + iputils.hh | 1657 ++ kqueuemplexer.cc | 242 + libssl.cc | 855 + libssl.hh | 138 + lock.hh | 452 + ltmain.sh | 11153 ++++++++ lua_hpp.mk | 6 + m4/ac_pthread_set_name.m4 | 71 + m4/ax_arg_default_enable_disable.m4 | 21 + m4/ax_check_sign.m4 | 56 + m4/ax_compile_check_sizeof.m4 | 115 + m4/ax_cxx_compile_stdcxx.m4 | 951 + m4/ax_cxx_compile_stdcxx_17.m4 | 35 + m4/ax_python_module.m4 | 56 + m4/boost.m4 | 1834 ++ m4/dnsdist_enable_dnscrypt.m4 | 18 + m4/dnsdist_enable_doh.m4 | 15 + m4/libtool.m4 | 8369 ++++++ m4/ltoptions.m4 | 437 + m4/ltsugar.m4 | 124 + m4/ltversion.m4 | 23 + m4/lt~obsolete.m4 | 99 + m4/pdns_check_cdb.m4 | 21 + m4/pdns_check_clock_gettime.m4 | 6 + m4/pdns_check_dnstap.m4 | 31 + m4/pdns_check_libcrypto.m4 | 129 + m4/pdns_check_libedit.m4 | 3 + m4/pdns_check_libh2o_evloop.m4 | 21 + m4/pdns_check_lmdb.m4 | 49 + m4/pdns_check_lua_hpp.m4 | 10 + m4/pdns_check_network_libs.m4 | 7 + m4/pdns_check_os.m4 | 63 + m4/pdns_check_pthread_np.m4 | 6 + m4/pdns_check_python_venv.m4 | 9 + m4/pdns_check_ragel.m4 | 8 + m4/pdns_check_secure_memset.m4 | 3 + m4/pdns_check_time_t.m4 | 7 + m4/pdns_d_fortify_source.m4 | 28 + m4/pdns_enable_sanitizers.m4 | 167 + m4/pdns_enable_tls.m4 | 14 + m4/pdns_enable_unit_tests.m4 | 18 + m4/pdns_param_ssp_buffer_size.m4 | 26 + m4/pdns_pie.m4 | 55 + m4/pdns_relro.m4 | 37 + m4/pdns_stack_protector.m4 | 26 + m4/pdns_with_ebpf.m4 | 38 + m4/pdns_with_gnutls.m4 | 34 + m4/pdns_with_libcap.m4 | 25 + m4/pdns_with_libsodium.m4 | 30 + m4/pdns_with_libssl.m4 | 33 + m4/pdns_with_lua.m4 | 62 + m4/pdns_with_net_snmp.m4 | 35 + m4/pdns_with_nghttp2.m4 | 32 + m4/pdns_with_re2.m4 | 22 + m4/pdns_with_service_user.m4 | 17 + m4/systemd.m4 | 223 + m4/warnings.m4 | 79 + misc.cc | 1752 ++ misc.hh | 692 + missing | 215 + mplexer.hh | 314 + namespaces.hh | 60 + noinitvector.hh | 67 + packetcache.hh | 233 + pdnsexception.hh | 42 + pollmplexer.cc | 199 + portsmplexer.cc | 241 + protozero.cc | 159 + protozero.hh | 272 + proxy-protocol.cc | 263 + proxy-protocol.hh | 51 + qtype.cc | 183 + qtype.hh | 181 + remote_logger.cc | 237 + remote_logger.hh | 120 + sholder.hh | 145 + snmp-agent.cc | 206 + snmp-agent.hh | 64 + sodcrypto.cc | 354 + sodcrypto.hh | 78 + src_js/SOURCES | 4 + src_js/d3.js | 9553 +++++++ src_js/jquery.js | 11027 ++++++++ src_js/moment.js | 3606 +++ src_js/rickshaw.js | 4068 +++ sstuff.hh | 390 + stat_t.hh | 79 + statnode.cc | 127 + statnode.hh | 74 + svc-records.cc | 186 + svc-records.hh | 108 + tcpiohandler-mplexer.hh | 209 + tcpiohandler.cc | 1775 ++ tcpiohandler.hh | 573 + test-base64_cc.cc | 77 + test-connectionmanagement_hh.cc | 93 + test-credentials_cc.cc | 117 + test-delaypipe_hh.cc | 80 + test-dnscrypt_cc.cc | 298 + test-dnsdist-connections-cache.cc | 234 + test-dnsdist_cc.cc | 2083 ++ test-dnsdistdynblocks_hh.cc | 1482 + test-dnsdistkvs_cc.cc | 443 + test-dnsdistlbpolicies_cc.cc | 847 + test-dnsdistnghttp2_cc.cc | 1986 ++ test-dnsdistpacketcache_cc.cc | 725 + test-dnsdistrings_cc.cc | 290 + test-dnsdistrules_cc.cc | 149 + test-dnsdistsvc_cc.cc | 96 + test-dnsdisttcp_cc.cc | 4068 +++ test-dnsparser_cc.cc | 486 + test-driver | 148 + test-iputils_hh.cc | 855 + test-luawrapper.cc | 33 + test-mplexer.cc | 401 + test-proxy_protocol_cc.cc | 227 + testrunner.cc | 31 + threadname.cc | 69 + threadname.hh | 25 + uuid-utils.cc | 52 + uuid-utils.hh | 29 + xpf.cc | 118 + xpf.hh | 29 + 326 files changed, 208574 insertions(+) create mode 100644 COPYING create mode 100644 DNSDIST-MIB.txt create mode 100644 Makefile.am create mode 100644 Makefile.in create mode 100644 README create mode 100644 README.md create mode 100644 aclocal.m4 create mode 100644 ascii.hh create mode 100644 base64.hh create mode 100644 bpf-filter.cc create mode 100644 bpf-filter.ebpf.src create mode 100644 bpf-filter.hh create mode 100644 bpf-filter.main.ebpf create mode 100644 bpf-filter.qname.ebpf create mode 100755 builder-support/gen-version create mode 100644 cachecleaner.hh create mode 100644 capabilities.cc create mode 100644 capabilities.hh create mode 100644 cdb.cc create mode 100644 cdb.hh create mode 100644 circular_buffer.hh create mode 100755 compile create mode 100755 config.guess create mode 100644 config.h.in create mode 100755 config.sub create mode 100755 configure create mode 100644 configure.ac create mode 100644 connection-management.hh create mode 100644 credentials.cc create mode 100644 credentials.hh create mode 100644 delaypipe.cc create mode 100644 delaypipe.hh create mode 100755 depcomp create mode 100644 devpollmplexer.cc create mode 100644 dns.cc create mode 100644 dns.hh create mode 100644 dnscrypt.cc create mode 100644 dnscrypt.hh create mode 100644 dnsdist-backend.cc create mode 100644 dnsdist-cache.cc create mode 100644 dnsdist-cache.hh create mode 100644 dnsdist-carbon.cc create mode 100644 dnsdist-console.cc create mode 100644 dnsdist-console.hh create mode 100644 dnsdist-dnscrypt.cc create mode 100644 dnsdist-dynblocks.cc create mode 100644 dnsdist-dynblocks.hh create mode 100644 dnsdist-dynbpf.cc create mode 100644 dnsdist-dynbpf.hh create mode 100644 dnsdist-ecs.cc create mode 100644 dnsdist-ecs.hh create mode 100644 dnsdist-healthchecks.cc create mode 100644 dnsdist-healthchecks.hh create mode 100644 dnsdist-idstate.cc create mode 100644 dnsdist-idstate.hh create mode 100644 dnsdist-kvs.cc create mode 100644 dnsdist-kvs.hh create mode 100644 dnsdist-lbpolicies.cc create mode 100644 dnsdist-lbpolicies.hh create mode 100644 dnsdist-lua-actions.cc create mode 100644 dnsdist-lua-bindings-dnscrypt.cc create mode 100644 dnsdist-lua-bindings-dnsquestion.cc create mode 100644 dnsdist-lua-bindings-kvs.cc create mode 100644 dnsdist-lua-bindings-packetcache.cc create mode 100644 dnsdist-lua-bindings-protobuf.cc create mode 100644 dnsdist-lua-bindings.cc create mode 100644 dnsdist-lua-ffi-interface.h create mode 100644 dnsdist-lua-ffi-interface.inc create mode 100644 dnsdist-lua-ffi.cc create mode 100644 dnsdist-lua-ffi.hh create mode 100644 dnsdist-lua-inspection-ffi.cc create mode 100644 dnsdist-lua-inspection-ffi.hh create mode 100644 dnsdist-lua-inspection.cc create mode 100644 dnsdist-lua-rules.cc create mode 100644 dnsdist-lua-vars.cc create mode 100644 dnsdist-lua-web.cc create mode 100644 dnsdist-lua.cc create mode 100644 dnsdist-lua.hh create mode 100644 dnsdist-nghttp2.cc create mode 100644 dnsdist-nghttp2.hh create mode 100644 dnsdist-prometheus.hh create mode 100644 dnsdist-protobuf.cc create mode 100644 dnsdist-protobuf.hh create mode 100644 dnsdist-protocols.cc create mode 100644 dnsdist-protocols.hh create mode 100644 dnsdist-proxy-protocol.cc create mode 100644 dnsdist-proxy-protocol.hh create mode 100644 dnsdist-rings.cc create mode 100644 dnsdist-rings.hh create mode 100644 dnsdist-rules.cc create mode 100644 dnsdist-rules.hh create mode 100644 dnsdist-secpoll.cc create mode 100644 dnsdist-secpoll.hh create mode 100644 dnsdist-session-cache.cc create mode 100644 dnsdist-session-cache.hh create mode 100644 dnsdist-snmp.cc create mode 100644 dnsdist-snmp.hh create mode 100644 dnsdist-svc.cc create mode 100644 dnsdist-svc.hh create mode 100644 dnsdist-systemd.cc create mode 100644 dnsdist-systemd.hh create mode 100644 dnsdist-tcp-downstream.cc create mode 100644 dnsdist-tcp-downstream.hh create mode 100644 dnsdist-tcp-upstream.hh create mode 100644 dnsdist-tcp.cc create mode 100644 dnsdist-tcp.hh create mode 100644 dnsdist-web.cc create mode 100644 dnsdist-web.hh create mode 100644 dnsdist-xpf.cc create mode 100644 dnsdist-xpf.hh create mode 100644 dnsdist.1 create mode 100644 dnsdist.cc create mode 100644 dnsdist.hh create mode 100644 dnsdist.service.in create mode 100644 dnsdistconf.lua create mode 100644 dnslabeltext.cc create mode 100644 dnslabeltext.rl create mode 100644 dnsmessage.proto create mode 100644 dnsname.cc create mode 100644 dnsname.hh create mode 100644 dnsparser.cc create mode 100644 dnsparser.hh create mode 100644 dnstap.cc create mode 100644 dnstap.hh create mode 100644 dnstap.proto create mode 100644 dnswriter.cc create mode 100644 dnswriter.hh create mode 100644 doh.cc create mode 100644 doh.hh create mode 100644 dolog.hh create mode 100644 ednscookies.cc create mode 100644 ednscookies.hh create mode 100644 ednsoptions.cc create mode 100644 ednsoptions.hh create mode 100644 ednssubnet.cc create mode 100644 ednssubnet.hh create mode 100644 epollmplexer.cc create mode 100644 ext/ipcrypt/LICENSE create mode 100644 ext/ipcrypt/Makefile.am create mode 100644 ext/ipcrypt/Makefile.in create mode 100644 ext/ipcrypt/ipcrypt.c create mode 100644 ext/ipcrypt/ipcrypt.h create mode 100644 ext/json11/json11.cpp create mode 100644 ext/json11/json11.hpp create mode 100644 ext/libbpf/libbpf.h create mode 100644 ext/lmdb-safe/lmdb-safe.cc create mode 100644 ext/lmdb-safe/lmdb-safe.hh create mode 100644 ext/luawrapper/include/LuaContext.hpp create mode 100644 ext/protozero/include/protozero/basic_pbf_builder.hpp create mode 100644 ext/protozero/include/protozero/basic_pbf_writer.hpp create mode 100644 ext/protozero/include/protozero/buffer_fixed.hpp create mode 100644 ext/protozero/include/protozero/buffer_string.hpp create mode 100644 ext/protozero/include/protozero/buffer_tmpl.hpp create mode 100644 ext/protozero/include/protozero/buffer_vector.hpp create mode 100644 ext/protozero/include/protozero/byteswap.hpp create mode 100644 ext/protozero/include/protozero/config.hpp create mode 100644 ext/protozero/include/protozero/data_view.hpp create mode 100644 ext/protozero/include/protozero/exception.hpp create mode 100644 ext/protozero/include/protozero/iterators.hpp create mode 100644 ext/protozero/include/protozero/pbf_builder.hpp create mode 100644 ext/protozero/include/protozero/pbf_message.hpp create mode 100644 ext/protozero/include/protozero/pbf_reader.hpp create mode 100644 ext/protozero/include/protozero/pbf_writer.hpp create mode 100644 ext/protozero/include/protozero/types.hpp create mode 100644 ext/protozero/include/protozero/varint.hpp create mode 100644 ext/protozero/include/protozero/version.hpp create mode 100644 ext/yahttp/LICENSE create mode 100644 ext/yahttp/Makefile.am create mode 100644 ext/yahttp/Makefile.in create mode 100644 ext/yahttp/README.md create mode 100644 ext/yahttp/yahttp/Makefile.am create mode 100644 ext/yahttp/yahttp/Makefile.in create mode 100644 ext/yahttp/yahttp/cookie.hpp create mode 100644 ext/yahttp/yahttp/exception.hpp create mode 100644 ext/yahttp/yahttp/reqresp.cpp create mode 100644 ext/yahttp/yahttp/reqresp.hpp create mode 100644 ext/yahttp/yahttp/router.cpp create mode 100644 ext/yahttp/yahttp/router.hpp create mode 100644 ext/yahttp/yahttp/url.hpp create mode 100644 ext/yahttp/yahttp/utility.hpp create mode 100644 ext/yahttp/yahttp/yahttp-config.h create mode 100644 ext/yahttp/yahttp/yahttp.hpp create mode 100644 fstrm_logger.cc create mode 100644 fstrm_logger.hh create mode 100644 gettime.cc create mode 100644 gettime.hh create mode 100644 html/detail.css create mode 100644 html/graph.css create mode 100644 html/index.html create mode 100644 html/js/d3.min.js create mode 100644 html/js/jquery.min.js create mode 100644 html/js/moment.min.js create mode 100644 html/js/rickshaw.min.js create mode 100644 html/legend.css create mode 100644 html/lines.css create mode 100644 html/local.js create mode 100644 html/powerdns-logo-220px.png create mode 100644 htmlfiles.h create mode 100755 incfiles create mode 100755 install-sh create mode 100644 ipcipher.cc create mode 100644 ipcipher.hh create mode 100644 iputils.cc create mode 100644 iputils.hh create mode 100644 kqueuemplexer.cc create mode 100644 libssl.cc create mode 100644 libssl.hh create mode 100644 lock.hh create mode 100644 ltmain.sh create mode 100644 lua_hpp.mk create mode 100644 m4/ac_pthread_set_name.m4 create mode 100644 m4/ax_arg_default_enable_disable.m4 create mode 100644 m4/ax_check_sign.m4 create mode 100644 m4/ax_compile_check_sizeof.m4 create mode 100644 m4/ax_cxx_compile_stdcxx.m4 create mode 100644 m4/ax_cxx_compile_stdcxx_17.m4 create mode 100644 m4/ax_python_module.m4 create mode 100644 m4/boost.m4 create mode 100644 m4/dnsdist_enable_dnscrypt.m4 create mode 100644 m4/dnsdist_enable_doh.m4 create mode 100644 m4/libtool.m4 create mode 100644 m4/ltoptions.m4 create mode 100644 m4/ltsugar.m4 create mode 100644 m4/ltversion.m4 create mode 100644 m4/lt~obsolete.m4 create mode 100644 m4/pdns_check_cdb.m4 create mode 100644 m4/pdns_check_clock_gettime.m4 create mode 100644 m4/pdns_check_dnstap.m4 create mode 100644 m4/pdns_check_libcrypto.m4 create mode 100644 m4/pdns_check_libedit.m4 create mode 100644 m4/pdns_check_libh2o_evloop.m4 create mode 100644 m4/pdns_check_lmdb.m4 create mode 100644 m4/pdns_check_lua_hpp.m4 create mode 100644 m4/pdns_check_network_libs.m4 create mode 100644 m4/pdns_check_os.m4 create mode 100644 m4/pdns_check_pthread_np.m4 create mode 100644 m4/pdns_check_python_venv.m4 create mode 100644 m4/pdns_check_ragel.m4 create mode 100644 m4/pdns_check_secure_memset.m4 create mode 100644 m4/pdns_check_time_t.m4 create mode 100644 m4/pdns_d_fortify_source.m4 create mode 100644 m4/pdns_enable_sanitizers.m4 create mode 100644 m4/pdns_enable_tls.m4 create mode 100644 m4/pdns_enable_unit_tests.m4 create mode 100644 m4/pdns_param_ssp_buffer_size.m4 create mode 100644 m4/pdns_pie.m4 create mode 100644 m4/pdns_relro.m4 create mode 100644 m4/pdns_stack_protector.m4 create mode 100644 m4/pdns_with_ebpf.m4 create mode 100644 m4/pdns_with_gnutls.m4 create mode 100644 m4/pdns_with_libcap.m4 create mode 100644 m4/pdns_with_libsodium.m4 create mode 100644 m4/pdns_with_libssl.m4 create mode 100644 m4/pdns_with_lua.m4 create mode 100644 m4/pdns_with_net_snmp.m4 create mode 100644 m4/pdns_with_nghttp2.m4 create mode 100644 m4/pdns_with_re2.m4 create mode 100644 m4/pdns_with_service_user.m4 create mode 100644 m4/systemd.m4 create mode 100644 m4/warnings.m4 create mode 100644 misc.cc create mode 100644 misc.hh create mode 100755 missing create mode 100644 mplexer.hh create mode 100644 namespaces.hh create mode 100644 noinitvector.hh create mode 100644 packetcache.hh create mode 100644 pdnsexception.hh create mode 100644 pollmplexer.cc create mode 100644 portsmplexer.cc create mode 100644 protozero.cc create mode 100644 protozero.hh create mode 100644 proxy-protocol.cc create mode 100644 proxy-protocol.hh create mode 100644 qtype.cc create mode 100644 qtype.hh create mode 100644 remote_logger.cc create mode 100644 remote_logger.hh create mode 100644 sholder.hh create mode 100644 snmp-agent.cc create mode 100644 snmp-agent.hh create mode 100644 sodcrypto.cc create mode 100644 sodcrypto.hh create mode 100644 src_js/SOURCES create mode 100644 src_js/d3.js create mode 100644 src_js/jquery.js create mode 100644 src_js/moment.js create mode 100644 src_js/rickshaw.js create mode 100644 sstuff.hh create mode 100644 stat_t.hh create mode 100644 statnode.cc create mode 100644 statnode.hh create mode 100644 svc-records.cc create mode 100644 svc-records.hh create mode 100644 tcpiohandler-mplexer.hh create mode 100644 tcpiohandler.cc create mode 100644 tcpiohandler.hh create mode 100644 test-base64_cc.cc create mode 100644 test-connectionmanagement_hh.cc create mode 100644 test-credentials_cc.cc create mode 100644 test-delaypipe_hh.cc create mode 100644 test-dnscrypt_cc.cc create mode 100644 test-dnsdist-connections-cache.cc create mode 100644 test-dnsdist_cc.cc create mode 100644 test-dnsdistdynblocks_hh.cc create mode 100644 test-dnsdistkvs_cc.cc create mode 100644 test-dnsdistlbpolicies_cc.cc create mode 100644 test-dnsdistnghttp2_cc.cc create mode 100644 test-dnsdistpacketcache_cc.cc create mode 100644 test-dnsdistrings_cc.cc create mode 100644 test-dnsdistrules_cc.cc create mode 100644 test-dnsdistsvc_cc.cc create mode 100644 test-dnsdisttcp_cc.cc create mode 100644 test-dnsparser_cc.cc create mode 100755 test-driver create mode 100644 test-iputils_hh.cc create mode 100644 test-luawrapper.cc create mode 100644 test-mplexer.cc create mode 100644 test-proxy_protocol_cc.cc create mode 100644 testrunner.cc create mode 100644 threadname.cc create mode 100644 threadname.hh create mode 100644 uuid-utils.cc create mode 100644 uuid-utils.hh create mode 100644 xpf.cc create mode 100644 xpf.hh diff --git a/COPYING b/COPYING new file mode 100644 index 0000000..ecbc059 --- /dev/null +++ b/COPYING @@ -0,0 +1,339 @@ + GNU GENERAL PUBLIC LICENSE + Version 2, June 1991 + + Copyright (C) 1989, 1991 Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The licenses for most software are designed to take away your +freedom to share and change it. By contrast, the GNU General Public +License is intended to guarantee your freedom to share and change free +software--to make sure the software is free for all its users. This +General Public License applies to most of the Free Software +Foundation's software and to any other program whose authors commit to +using it. (Some other Free Software Foundation software is covered by +the GNU Lesser General Public License instead.) You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +this service if you wish), that you receive source code or can get it +if you want it, that you can change the software or use pieces of it +in new free programs; and that you know you can do these things. + + To protect your rights, we need to make restrictions that forbid +anyone to deny you these rights or to ask you to surrender the rights. +These restrictions translate to certain responsibilities for you if you +distribute copies of the software, or if you modify it. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must give the recipients all the rights that +you have. You must make sure that they, too, receive or can get the +source code. And you must show them these terms so they know their +rights. + + We protect your rights with two steps: (1) copyright the software, and +(2) offer you this license which gives you legal permission to copy, +distribute and/or modify the software. + + Also, for each author's protection and ours, we want to make certain +that everyone understands that there is no warranty for this free +software. If the software is modified by someone else and passed on, we +want its recipients to know that what they have is not the original, so +that any problems introduced by others will not reflect on the original +authors' reputations. + + Finally, any free program is threatened constantly by software +patents. We wish to avoid the danger that redistributors of a free +program will individually obtain patent licenses, in effect making the +program proprietary. To prevent this, we have made it clear that any +patent must be licensed for everyone's free use or not licensed at all. + + The precise terms and conditions for copying, distribution and +modification follow. + + GNU GENERAL PUBLIC LICENSE + TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION + + 0. This License applies to any program or other work which contains +a notice placed by the copyright holder saying it may be distributed +under the terms of this General Public License. The "Program", below, +refers to any such program or work, and a "work based on the Program" +means either the Program or any derivative work under copyright law: +that is to say, a work containing the Program or a portion of it, +either verbatim or with modifications and/or translated into another +language. (Hereinafter, translation is included without limitation in +the term "modification".) Each licensee is addressed as "you". + +Activities other than copying, distribution and modification are not +covered by this License; they are outside its scope. The act of +running the Program is not restricted, and the output from the Program +is covered only if its contents constitute a work based on the +Program (independent of having been made by running the Program). +Whether that is true depends on what the Program does. + + 1. You may copy and distribute verbatim copies of the Program's +source code as you receive it, in any medium, provided that you +conspicuously and appropriately publish on each copy an appropriate +copyright notice and disclaimer of warranty; keep intact all the +notices that refer to this License and to the absence of any warranty; +and give any other recipients of the Program a copy of this License +along with the Program. + +You may charge a fee for the physical act of transferring a copy, and +you may at your option offer warranty protection in exchange for a fee. + + 2. You may modify your copy or copies of the Program or any portion +of it, thus forming a work based on the Program, and copy and +distribute such modifications or work under the terms of Section 1 +above, provided that you also meet all of these conditions: + + a) You must cause the modified files to carry prominent notices + stating that you changed the files and the date of any change. + + b) You must cause any work that you distribute or publish, that in + whole or in part contains or is derived from the Program or any + part thereof, to be licensed as a whole at no charge to all third + parties under the terms of this License. + + c) If the modified program normally reads commands interactively + when run, you must cause it, when started running for such + interactive use in the most ordinary way, to print or display an + announcement including an appropriate copyright notice and a + notice that there is no warranty (or else, saying that you provide + a warranty) and that users may redistribute the program under + these conditions, and telling the user how to view a copy of this + License. (Exception: if the Program itself is interactive but + does not normally print such an announcement, your work based on + the Program is not required to print an announcement.) + +These requirements apply to the modified work as a whole. If +identifiable sections of that work are not derived from the Program, +and can be reasonably considered independent and separate works in +themselves, then this License, and its terms, do not apply to those +sections when you distribute them as separate works. But when you +distribute the same sections as part of a whole which is a work based +on the Program, the distribution of the whole must be on the terms of +this License, whose permissions for other licensees extend to the +entire whole, and thus to each and every part regardless of who wrote it. + +Thus, it is not the intent of this section to claim rights or contest +your rights to work written entirely by you; rather, the intent is to +exercise the right to control the distribution of derivative or +collective works based on the Program. + +In addition, mere aggregation of another work not based on the Program +with the Program (or with a work based on the Program) on a volume of +a storage or distribution medium does not bring the other work under +the scope of this License. + + 3. You may copy and distribute the Program (or a work based on it, +under Section 2) in object code or executable form under the terms of +Sections 1 and 2 above provided that you also do one of the following: + + a) Accompany it with the complete corresponding machine-readable + source code, which must be distributed under the terms of Sections + 1 and 2 above on a medium customarily used for software interchange; or, + + b) Accompany it with a written offer, valid for at least three + years, to give any third party, for a charge no more than your + cost of physically performing source distribution, a complete + machine-readable copy of the corresponding source code, to be + distributed under the terms of Sections 1 and 2 above on a medium + customarily used for software interchange; or, + + c) Accompany it with the information you received as to the offer + to distribute corresponding source code. (This alternative is + allowed only for noncommercial distribution and only if you + received the program in object code or executable form with such + an offer, in accord with Subsection b above.) + +The source code for a work means the preferred form of the work for +making modifications to it. For an executable work, complete source +code means all the source code for all modules it contains, plus any +associated interface definition files, plus the scripts used to +control compilation and installation of the executable. However, as a +special exception, the source code distributed need not include +anything that is normally distributed (in either source or binary +form) with the major components (compiler, kernel, and so on) of the +operating system on which the executable runs, unless that component +itself accompanies the executable. + +If distribution of executable or object code is made by offering +access to copy from a designated place, then offering equivalent +access to copy the source code from the same place counts as +distribution of the source code, even though third parties are not +compelled to copy the source along with the object code. + + 4. You may not copy, modify, sublicense, or distribute the Program +except as expressly provided under this License. Any attempt +otherwise to copy, modify, sublicense or distribute the Program is +void, and will automatically terminate your rights under this License. +However, parties who have received copies, or rights, from you under +this License will not have their licenses terminated so long as such +parties remain in full compliance. + + 5. You are not required to accept this License, since you have not +signed it. However, nothing else grants you permission to modify or +distribute the Program or its derivative works. These actions are +prohibited by law if you do not accept this License. Therefore, by +modifying or distributing the Program (or any work based on the +Program), you indicate your acceptance of this License to do so, and +all its terms and conditions for copying, distributing or modifying +the Program or works based on it. + + 6. Each time you redistribute the Program (or any work based on the +Program), the recipient automatically receives a license from the +original licensor to copy, distribute or modify the Program subject to +these terms and conditions. You may not impose any further +restrictions on the recipients' exercise of the rights granted herein. +You are not responsible for enforcing compliance by third parties to +this License. + + 7. If, as a consequence of a court judgment or allegation of patent +infringement or for any other reason (not limited to patent issues), +conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot +distribute so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you +may not distribute the Program at all. For example, if a patent +license would not permit royalty-free redistribution of the Program by +all those who receive copies directly or indirectly through you, then +the only way you could satisfy both it and this License would be to +refrain entirely from distribution of the Program. + +If any portion of this section is held invalid or unenforceable under +any particular circumstance, the balance of the section is intended to +apply and the section as a whole is intended to apply in other +circumstances. + +It is not the purpose of this section to induce you to infringe any +patents or other property right claims or to contest validity of any +such claims; this section has the sole purpose of protecting the +integrity of the free software distribution system, which is +implemented by public license practices. Many people have made +generous contributions to the wide range of software distributed +through that system in reliance on consistent application of that +system; it is up to the author/donor to decide if he or she is willing +to distribute software through any other system and a licensee cannot +impose that choice. + +This section is intended to make thoroughly clear what is believed to +be a consequence of the rest of this License. + + 8. If the distribution and/or use of the Program is restricted in +certain countries either by patents or by copyrighted interfaces, the +original copyright holder who places the Program under this License +may add an explicit geographical distribution limitation excluding +those countries, so that distribution is permitted only in or among +countries not thus excluded. In such case, this License incorporates +the limitation as if written in the body of this License. + + 9. The Free Software Foundation may publish revised and/or new versions +of the General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + +Each version is given a distinguishing version number. If the Program +specifies a version number of this License which applies to it and "any +later version", you have the option of following the terms and conditions +either of that version or of any later version published by the Free +Software Foundation. If the Program does not specify a version number of +this License, you may choose any version ever published by the Free Software +Foundation. + + 10. If you wish to incorporate parts of the Program into other free +programs whose distribution conditions are different, write to the author +to ask for permission. For software which is copyrighted by the Free +Software Foundation, write to the Free Software Foundation; we sometimes +make exceptions for this. Our decision will be guided by the two goals +of preserving the free status of all derivatives of our free software and +of promoting the sharing and reuse of software generally. + + NO WARRANTY + + 11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY +FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN +OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES +PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED +OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS +TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE +PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, +REPAIR OR CORRECTION. + + 12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR +REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, +INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING +OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED +TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY +YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER +PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE +POSSIBILITY OF SUCH DAMAGES. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +convey the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + + Copyright (C) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License along + with this program; if not, write to the Free Software Foundation, Inc., + 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + +Also add information on how to contact you by electronic and paper mail. + +If the program is interactive, make it output a short notice like this +when it starts in an interactive mode: + + Gnomovision version 69, Copyright (C) year name of author + Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, the commands you use may +be called something other than `show w' and `show c'; they could even be +mouse-clicks or menu items--whatever suits your program. + +You should also get your employer (if you work as a programmer) or your +school, if any, to sign a "copyright disclaimer" for the program, if +necessary. Here is a sample; alter the names: + + Yoyodyne, Inc., hereby disclaims all copyright interest in the program + `Gnomovision' (which makes passes at compilers) written by James Hacker. + + , 1 April 1989 + Ty Coon, President of Vice + +This General Public License does not permit incorporating your program into +proprietary programs. If your program is a subroutine library, you may +consider it more useful to permit linking proprietary applications with the +library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. \ No newline at end of file diff --git a/DNSDIST-MIB.txt b/DNSDIST-MIB.txt new file mode 100644 index 0000000..d6f5a92 --- /dev/null +++ b/DNSDIST-MIB.txt @@ -0,0 +1,743 @@ +-- -*- snmpv2 -*- +-- ---------------------------------------------------------------------- +-- MIB file for dnsdist +-- ---------------------------------------------------------------------- + +DNSDIST-MIB DEFINITIONS ::= BEGIN + +IMPORTS + OBJECT-TYPE, MODULE-IDENTITY, enterprises, + Counter64, Unsigned32, NOTIFICATION-TYPE + FROM SNMPv2-SMI + CounterBasedGauge64 + FROM HCNUM-TC + Float64TC + FROM FLOAT-TC-MIB + OBJECT-GROUP, MODULE-COMPLIANCE, NOTIFICATION-GROUP + FROM SNMPv2-CONF + InetAddressType + FROM INET-ADDRESS-MIB + TEXTUAL-CONVENTION, DisplayString + FROM SNMPv2-TC; + +dnsdist MODULE-IDENTITY + LAST-UPDATED "201611080000Z" + ORGANIZATION "PowerDNS BV" + CONTACT-INFO "support@powerdns.com" + DESCRIPTION + "This MIB module describes information gathered through dnsdist." + + REVISION "201611080000Z" + DESCRIPTION "Initial revision." + + ::= { powerdns 3 } + +powerdns OBJECT IDENTIFIER ::= { enterprises 43315 } + +stats OBJECT IDENTIFIER ::= { dnsdist 1 } + +queries OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries received" + ::= { stats 1 } + +responses OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of responses received" + ::= { stats 2 } + +servfailResponses OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of servfail responses received" + ::= { stats 3 } + +aclDrops OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries dropped because of the ACL" + ::= { stats 4 } + +-- stats 5 was a BlockFilter Counter, removed in 1.2.0 + +ruleDrop OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries dropped because of a rule" + ::= { stats 6 } + +ruleNXDomain OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of NXDomain responses returned because of a rule" + ::= { stats 7 } + +ruleRefused OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of Refused responses returned because of a rule" + ::= { stats 8 } + +selfAnswered OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of self-answered responses" + ::= { stats 9 } + +downstreamTimeouts OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of downstream timeouts" + ::= { stats 10 } + +downstreamSendErrors OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of downstream send errors" + ::= { stats 11 } + +truncFailures OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of errors while truncating a response" + ::= { stats 12 } + +noPolicy OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries dropped because no server was available" + ::= { stats 13 } + +latency01 OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in less than 1 ms" + ::= { stats 14 } + +latency110 OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in 1-10 ms" + ::= { stats 15 } + +latency1050 OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in 10-50 ms" + ::= { stats 16 } + +latency50100 OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in 50-100 ms" + ::= { stats 17 } + +latency1001000 OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in 100-1000 ms" + ::= { stats 18 } + +latencySlow OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries answered in more than 1s" + ::= { stats 19 } + +latencyAVG100 OBJECT-TYPE + SYNTAX Float64TC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Average latency over the last 100 queries" + ::= { stats 20 } + +latencyAVG1000 OBJECT-TYPE + SYNTAX Float64TC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Average latency over the last 1000 queries" + ::= { stats 21 } + +latencyAVG10000 OBJECT-TYPE + SYNTAX Float64TC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Average latency over the last 10000 queries" + ::= { stats 22 } + +latencyAVG1000000 OBJECT-TYPE + SYNTAX Float64TC + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Average latency over the last 1000000 queries" + ::= { stats 23 } + +uptime OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Uptime of the dnsdist process, in seconds" + ::= { stats 24 } + +realMemoryUsage OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Memory usage" + ::= { stats 25 } + +nonCompliantQueries OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries dropped as non-compliant" + ::= { stats 26 } + +nonCompliantResponses OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of responses dropped as non-compliant" + ::= { stats 27 } + +rdQueries OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries with the RD flag set" + ::= { stats 28 } + +emptyQueries OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of empty queries received" + ::= { stats 29 } + +cacheHits OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of cache hits" + ::= { stats 30 } + +cacheMisses OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of cache misses" + ::= { stats 31 } + +cpuUserMSec OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "CPU Usage (user)" + ::= { stats 32 } + +cpuSysMSec OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "CPU Usage (sys)" + ::= { stats 33 } + +fdUsage OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of file descriptors" + ::= { stats 34 } + +dynBlocked OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries dropped because of a dynamic block" + ::= { stats 35 } + +dynBlockNMGSize OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Dynamic blocks (NMG) size" + ::= { stats 36 } + +ruleServFail OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of ServFail responses returned because of a rule" + ::= { stats 37 } + +securityStatus OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory" + ::= { stats 38 } + +specialMemoryUsage OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Memory usage (more precise but expensive to retrieve)" + ::= { stats 39 } + +ruleTruncated OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of Truncated responses returned because of a rule" + ::= { stats 40 } + +backendStatTable OBJECT-TYPE + SYNTAX SEQUENCE OF BackendStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Statistics for backends" + ::= { dnsdist 2 } + +backendStatEntry OBJECT-TYPE + SYNTAX BackendStatEntry + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION "Statistics for one backend" + INDEX { backendId } + ::= { backendStatTable 1 } + +BackendStatEntry ::= SEQUENCE { + backendId Unsigned32, + backendName DisplayString, + backendLatency CounterBasedGauge64, + backendWeight CounterBasedGauge64, + backendOutstanding CounterBasedGauge64, + backendQPSLimit CounterBasedGauge64, + backendReused Counter64, + backendState DisplayString, + backendAddress OCTET STRING, + backendPools DisplayString, + backendQPS CounterBasedGauge64, + backendQueries Counter64, + backendOrder CounterBasedGauge64 +} + +backendId OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS not-accessible + STATUS current + DESCRIPTION + "Backend ID" + ::= { backendStatEntry 1 } + +backendName OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend name" + ::= { backendStatEntry 2 } + +backendLatency OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend latency" + ::= { backendStatEntry 3 } + +backendWeight OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend weight" + ::= { backendStatEntry 4 } + +backendOutstanding OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend outstanding queries" + ::= { backendStatEntry 5 } + +backendQPSLimit OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend QPS limit" + ::= { backendStatEntry 6 } + +backendReused OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend reused slots" + ::= { backendStatEntry 7 } + +backendState OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend state" + ::= { backendStatEntry 8 } + +backendAddress OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2..24)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend address" + ::= { backendStatEntry 9 } + +backendPools OBJECT-TYPE + SYNTAX DisplayString + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "List of pools this backend belongs to" + ::= { backendStatEntry 10 } + +backendQPS OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend QPS" + ::= { backendStatEntry 11 } + +backendQueries OBJECT-TYPE + SYNTAX Counter64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Number of queries sent to this backend" + ::= { backendStatEntry 12 } + +backendOrder OBJECT-TYPE + SYNTAX CounterBasedGauge64 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Backend order" + ::= { backendStatEntry 13 } + +--- +--- Textual Conventions +--- + +SocketProtocolType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value that represents a type of socket protocol." + SYNTAX INTEGER { + unknown(0), + udp(1), + tcp(2) + } + +DNSQueryType ::= TEXTUAL-CONVENTION + STATUS current + DESCRIPTION + "A value that represents a type of DNS query (question or response)." + SYNTAX INTEGER { + unknown(0), + question(1), + response(2) + } + +--- +--- Traps / Notifications +--- + +trap OBJECT IDENTIFIER ::= { dnsdist 10 } +traps OBJECT IDENTIFIER ::= { trap 0 } --- reverse-mappable +trapObjects OBJECT IDENTIFIER ::= { dnsdist 11 } + +socketFamily OBJECT-TYPE + SYNTAX InetAddressType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Socket family type" + ::= { trapObjects 1 } + +socketProtocol OBJECT-TYPE + SYNTAX SocketProtocolType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Socket protocol type" + ::= { trapObjects 2 } + +fromAddress OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2..24)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Requestor address" + ::= { trapObjects 3 } + +toAddress OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (2..24)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Responder address" + ::= { trapObjects 4 } + +queryType OBJECT-TYPE + SYNTAX DNSQueryType + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Query / Response" + ::= { trapObjects 5 } + +querySize OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Size in bytes" + ::= { trapObjects 6 } + +queryID OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DNS query ID" + ::= { trapObjects 7 } + +qName OBJECT-TYPE + SYNTAX OCTET STRING (SIZE (0..255)) + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DNS qname" + ::= { trapObjects 8 } + +qClass OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DNS query class" + ::= { trapObjects 9 } + +qType OBJECT-TYPE + SYNTAX Unsigned32 + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "DNS query type" + ::= { trapObjects 10 } + +trapReason OBJECT-TYPE + SYNTAX OCTET STRING + MAX-ACCESS read-only + STATUS current + DESCRIPTION + "Reason for this trap" + ::= { trapObjects 11 } + +--- { trapObjects 5000 } up to and including { trapObjects 5999 } are reserved for local, product-specific extensions to the dnsdist MIB + +backendStatusChangeTrap NOTIFICATION-TYPE + OBJECTS { + backendName, + backendAddress, + backendState + } + STATUS current + DESCRIPTION "Backend status changed" + ::= { traps 1 } + +actionTrap NOTIFICATION-TYPE + OBJECTS { + socketFamily, + socketProtocol, + fromAddress, + toAddress, + queryType, + querySize, + queryID, + qName, + qClass, + qType, + trapReason + } + STATUS current + DESCRIPTION "Trap sent by SNMPTrapAction" + ::= { traps 2 } + +customTrap NOTIFICATION-TYPE + OBJECTS { + trapReason + } + STATUS current + DESCRIPTION "Trap sent by sendCustomTrap" + ::= { traps 3 } + +--- { traps 5000 } up to and including { traps 5999 } are reserved for local, product-specific extensions to the dnsdist MIB + +--- +--- Conformance +--- + +dnsdistConformance OBJECT IDENTIFIER ::= { dnsdist 100 } + +dnsdistCompliances MODULE-COMPLIANCE + STATUS current + DESCRIPTION "dnsdist compliance statement" + MODULE + MANDATORY-GROUPS { + dnsdistGroup, + dnsdistTrapsGroup + } + ::= { dnsdistConformance 1 } + +dnsdistGroup OBJECT-GROUP + OBJECTS { + queries, + responses, + servfailResponses, + aclDrops, + ruleDrop, + ruleNXDomain, + ruleRefused, + ruleServFail, + ruleTruncated, + selfAnswered, + downstreamTimeouts, + downstreamSendErrors, + truncFailures, + noPolicy, + latency01, + latency110, + latency1050, + latency50100, + latency1001000, + latencySlow, + latencyAVG100, + latencyAVG1000, + latencyAVG10000, + latencyAVG1000000, + uptime, + realMemoryUsage, + specialMemoryUsage, + nonCompliantQueries, + nonCompliantResponses, + rdQueries, + emptyQueries, + cacheHits, + cacheMisses, + cpuUserMSec, + cpuSysMSec, + fdUsage, + dynBlocked, + dynBlockNMGSize, + securityStatus, + backendName, + backendLatency, + backendWeight, + backendOutstanding, + backendQPSLimit, + backendReused, + backendState, + backendAddress, + backendPools, + backendQPS, + backendQueries, + backendOrder, + socketFamily, + socketProtocol, + fromAddress, + toAddress, + queryType, + querySize, + queryID, + qName, + qClass, + qType, + trapReason + } + STATUS current + DESCRIPTION "Objects conformance group for dnsdist" + ::= { dnsdistConformance 2 } + +dnsdistTrapsGroup NOTIFICATION-GROUP + NOTIFICATIONS { + actionTrap, + customTrap, + backendStatusChangeTrap + } + STATUS current + DESCRIPTION "Traps conformance group for dnsdist" + ::= { dnsdistConformance 3 } + +END diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 0000000..f1a6140 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,543 @@ +AM_CPPFLAGS += $(SYSTEMD_CFLAGS) \ + $(LUA_CFLAGS) \ + $(LIBEDIT_CFLAGS) \ + $(LIBSODIUM_CFLAGS) \ + $(FSTRM_CFLAGS) \ + $(YAHTTP_CFLAGS) \ + $(NET_SNMP_CFLAGS) \ + $(NGHTTP2_CFLAGS) \ + $(LIBCAP_CFLAGS) \ + -I$(top_srcdir)/ext/protozero/include \ + -DSYSCONFDIR=\"${sysconfdir}\" \ + -DBOOST_CONTAINER_USE_STD_EXCEPTIONS + +ACLOCAL_AMFLAGS = -I m4 + +SUBDIRS=ext/ipcrypt \ + ext/yahttp + +CLEANFILES = \ + htmlfiles.h.tmp \ + htmlfiles.h \ + dnsdist-lua-ffi-interface.inc + +dnslabeltext.cc: dnslabeltext.rl + $(AM_V_GEN)$(RAGEL) $< -o dnslabeltext.cc + +BUILT_SOURCES=htmlfiles.h \ + dnsdist-lua-ffi-interface.inc \ + dnslabeltext.cc + +htmlfiles.h: $(srcdir)/html/* $(srcdir)/incfiles + $(AM_V_GEN)$(srcdir)/incfiles $(srcdir) > $@.tmp + @mv $@.tmp $@ + +dnsdist-lua-ffi-interface.inc: dnsdist-lua-ffi-interface.h + $(AM_V_GEN)echo 'R"FFIContent(' > $@ + @cat $< >> $@ + @echo ')FFIContent"' >> $@ +SRC_JS_FILES := $(wildcard src_js/*.js) +MIN_JS_FILES := $(patsubst src_js/%.js,html/js/%.min.js,$(SRC_JS_FILES)) + +html/js/%.min.js: src_js/%.js + uglifyjs $< > $@ + +min_js: $(MIN_JS_FILES) + +if HAVE_RE2 +# Some versions of pkg_config add -std=c11++, override that +AM_CPPFLAGS += $(RE2_CFLAGS) +AM_CPPFLAGS += -std=c++17 +endif + +if HAVE_DNS_OVER_TLS +if HAVE_LIBSSL +AM_CPPFLAGS += $(LIBSSL_CFLAGS) +endif + +if HAVE_GNUTLS +AM_CPPFLAGS += $(GNUTLS_CFLAGS) +endif +endif + +if HAVE_LIBCRYPTO +AM_CPPFLAGS += $(LIBCRYPTO_INCLUDES) +endif + +if HAVE_CDB +AM_CPPFLAGS += $(CDB_CFLAGS) +endif + +if HAVE_LMDB +AM_CPPFLAGS += $(LMDB_CFLAGS) +endif + +if HAVE_DNS_OVER_HTTPS +if HAVE_LIBSSL +AM_CPPFLAGS += $(LIBSSL_CFLAGS) +endif + +if HAVE_LIBH2OEVLOOP +AM_CPPFLAGS += $(LIBH2OEVLOOP_CFLAGS) +endif +endif + +EXTRA_DIST=COPYING \ + dnslabeltext.rl \ + dnsdistconf.lua \ + dnsmessage.proto \ + dnstap.proto \ + README.md \ + delaypipe.cc delaypipe.hh \ + html \ + incfiles \ + src_js \ + dnsdist.service.in \ + lua_hpp.mk \ + bpf-filter.main.ebpf \ + bpf-filter.qname.ebpf \ + bpf-filter.ebpf.src \ + DNSDIST-MIB.txt \ + devpollmplexer.cc \ + epollmplexer.cc \ + kqueuemplexer.cc \ + portsmplexer.cc \ + cdb.cc cdb.hh \ + ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \ + ext/protozero/include/* \ + builder-support/gen-version + +bin_PROGRAMS = dnsdist + +if UNIT_TESTS +noinst_PROGRAMS = testrunner +TESTS_ENVIRONMENT = env BOOST_TEST_LOG_LEVEL=message SRCDIR='$(srcdir)' +TESTS=testrunner +else +check-local: + @echo "Unit tests are not enabled" + @echo "Run ./configure --enable-unit-tests" +endif + +dnsdist-web.$(OBJEXT): htmlfiles.h +dnsdist-lua-ffi.$(OBJEXT): dnsdist-lua-ffi-interface.inc + +dnsdist_SOURCES = \ + ascii.hh \ + base64.hh \ + bpf-filter.cc bpf-filter.hh \ + cachecleaner.hh \ + capabilities.cc capabilities.hh \ + circular_buffer.hh \ + connection-management.hh \ + credentials.cc credentials.hh \ + dns.cc dns.hh \ + dnscrypt.cc dnscrypt.hh \ + dnsdist-backend.cc \ + dnsdist-cache.cc dnsdist-cache.hh \ + dnsdist-carbon.cc \ + dnsdist-console.cc dnsdist-console.hh \ + dnsdist-dnscrypt.cc \ + dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh \ + dnsdist-ecs.cc dnsdist-ecs.hh \ + dnsdist-healthchecks.cc dnsdist-healthchecks.hh \ + dnsdist-idstate.cc dnsdist-idstate.hh \ + dnsdist-kvs.hh dnsdist-kvs.cc \ + dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ + dnsdist-lua-actions.cc \ + dnsdist-lua-bindings-dnscrypt.cc \ + dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc \ + dnsdist-lua-bindings-packetcache.cc \ + dnsdist-lua-bindings-protobuf.cc \ + dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh \ + dnsdist-lua-inspection-ffi.cc dnsdist-lua-inspection-ffi.hh \ + dnsdist-lua-inspection.cc \ + dnsdist-lua-rules.cc \ + dnsdist-lua-vars.cc \ + dnsdist-lua-web.cc \ + dnsdist-lua.cc dnsdist-lua.hh \ + dnsdist-nghttp2.cc dnsdist-nghttp2.hh \ + dnsdist-prometheus.hh \ + dnsdist-protobuf.cc dnsdist-protobuf.hh \ + dnsdist-protocols.cc dnsdist-protocols.hh \ + dnsdist-proxy-protocol.cc dnsdist-proxy-protocol.hh \ + dnsdist-rings.cc dnsdist-rings.hh \ + dnsdist-rules.cc dnsdist-rules.hh \ + dnsdist-secpoll.cc dnsdist-secpoll.hh \ + dnsdist-session-cache.cc dnsdist-session-cache.hh \ + dnsdist-snmp.cc dnsdist-snmp.hh \ + dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-systemd.cc dnsdist-systemd.hh \ + dnsdist-tcp-downstream.cc dnsdist-tcp-downstream.hh \ + dnsdist-tcp-upstream.hh \ + dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-web.cc dnsdist-web.hh \ + dnsdist-xpf.cc dnsdist-xpf.hh \ + dnsdist.cc dnsdist.hh \ + dnslabeltext.cc \ + dnsname.cc dnsname.hh \ + dnsparser.hh dnsparser.cc \ + dnstap.cc dnstap.hh \ + dnswriter.cc dnswriter.hh \ + doh.hh doh.cc \ + dolog.hh \ + ednscookies.cc ednscookies.hh \ + ednsoptions.cc ednsoptions.hh \ + ednssubnet.cc ednssubnet.hh \ + ext/json11/json11.cpp \ + ext/json11/json11.hpp \ + ext/libbpf/libbpf.h \ + ext/luawrapper/include/LuaContext.hpp \ + fstrm_logger.cc fstrm_logger.hh \ + gettime.cc gettime.hh \ + htmlfiles.h \ + iputils.cc iputils.hh \ + libssl.cc libssl.hh \ + lock.hh \ + misc.cc misc.hh \ + mplexer.hh \ + namespaces.hh \ + noinitvector.hh \ + packetcache.hh \ + pdnsexception.hh \ + pollmplexer.cc \ + protozero.cc protozero.hh \ + proxy-protocol.cc proxy-protocol.hh \ + qtype.cc qtype.hh \ + remote_logger.cc remote_logger.hh \ + sholder.hh \ + snmp-agent.cc snmp-agent.hh \ + sodcrypto.cc sodcrypto.hh \ + sstuff.hh \ + stat_t.hh \ + statnode.cc statnode.hh \ + svc-records.cc svc-records.hh \ + tcpiohandler-mplexer.hh \ + tcpiohandler.cc tcpiohandler.hh \ + threadname.hh threadname.cc \ + uuid-utils.hh uuid-utils.cc \ + xpf.cc xpf.hh + +testrunner_SOURCES = \ + base64.hh \ + bpf-filter.cc bpf-filter.hh \ + cachecleaner.hh \ + circular_buffer.hh \ + connection-management.hh \ + credentials.cc credentials.hh \ + dns.cc dns.hh \ + dnscrypt.cc dnscrypt.hh \ + dnsdist-backend.cc \ + dnsdist-cache.cc dnsdist-cache.hh \ + dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh \ + dnsdist-ecs.cc dnsdist-ecs.hh \ + dnsdist-idstate.cc dnsdist-idstate.hh \ + dnsdist-kvs.cc dnsdist-kvs.hh \ + dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ + dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc \ + dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh \ + dnsdist-lua-vars.cc \ + dnsdist-nghttp2.cc dnsdist-nghttp2.hh \ + dnsdist-protocols.cc dnsdist-protocols.hh \ + dnsdist-proxy-protocol.cc dnsdist-proxy-protocol.hh \ + dnsdist-rings.cc dnsdist-rings.hh \ + dnsdist-rules.cc dnsdist-rules.hh \ + dnsdist-session-cache.cc dnsdist-session-cache.hh \ + dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-tcp-downstream.cc \ + dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-xpf.cc dnsdist-xpf.hh \ + dnsdist.hh \ + dnslabeltext.cc \ + dnsname.cc dnsname.hh \ + dnsparser.hh dnsparser.cc \ + dnswriter.cc dnswriter.hh \ + dolog.hh \ + ednscookies.cc ednscookies.hh \ + ednsoptions.cc ednsoptions.hh \ + ednssubnet.cc ednssubnet.hh \ + ext/luawrapper/include/LuaContext.hpp \ + gettime.cc gettime.hh \ + iputils.cc iputils.hh \ + misc.cc misc.hh \ + namespaces.hh \ + noinitvector.hh \ + pdnsexception.hh \ + pollmplexer.cc \ + proxy-protocol.cc proxy-protocol.hh \ + qtype.cc qtype.hh \ + sholder.hh \ + sodcrypto.cc \ + sstuff.hh \ + stat_t.hh \ + statnode.cc statnode.hh \ + svc-records.cc svc-records.hh \ + test-base64_cc.cc \ + test-connectionmanagement_hh.cc \ + test-credentials_cc.cc \ + test-delaypipe_hh.cc \ + test-dnscrypt_cc.cc \ + test-dnsdist-connections-cache.cc \ + test-dnsdist_cc.cc \ + test-dnsdistdynblocks_hh.cc \ + test-dnsdistkvs_cc.cc \ + test-dnsdistlbpolicies_cc.cc \ + test-dnsdistnghttp2_cc.cc \ + test-dnsdistpacketcache_cc.cc \ + test-dnsdistrings_cc.cc \ + test-dnsdistrules_cc.cc \ + test-dnsdistsvc_cc.cc \ + test-dnsdisttcp_cc.cc \ + test-dnsparser_cc.cc \ + test-iputils_hh.cc \ + test-luawrapper.cc \ + test-mplexer.cc \ + test-proxy_protocol_cc.cc \ + testrunner.cc \ + threadname.hh threadname.cc \ + uuid-utils.hh uuid-utils.cc \ + xpf.cc xpf.hh + +dnsdist_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(PROGRAM_LDFLAGS) \ + -pthread + +dnsdist_LDADD = \ + $(LUA_LIBS) \ + $(LIBEDIT_LIBS) \ + $(RT_LIBS) \ + $(YAHTTP_LIBS) \ + $(LIBSODIUM_LIBS) \ + $(FSTRM_LIBS) \ + $(SYSTEMD_LIBS) \ + $(NET_SNMP_LIBS) \ + $(LIBCAP_LIBS) \ + $(IPCRYPT_LIBS) + +testrunner_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(PROGRAM_LDFLAGS) \ + $(BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS) \ + -pthread + +testrunner_LDADD = \ + $(BOOST_UNIT_TEST_FRAMEWORK_LIBS) \ + $(FSTRM_LIBS) \ + $(LIBSODIUM_LIBS) \ + $(LUA_LIBS) \ + $(RT_LIBS) \ + $(LIBCAP_LIBS) + +if HAVE_CDB +dnsdist_LDADD += $(CDB_LDFLAGS) $(CDB_LIBS) +testrunner_LDADD += $(CDB_LDFLAGS) $(CDB_LIBS) +dnsdist_SOURCES += cdb.cc cdb.hh +testrunner_SOURCES += cdb.cc cdb.hh +endif + +if HAVE_RE2 +dnsdist_LDADD += $(RE2_LIBS) +endif + +if HAVE_LIBSSL +dnsdist_LDADD += $(LIBSSL_LIBS) +endif + +if HAVE_LIBCRYPTO +dnsdist_LDADD += $(LIBCRYPTO_LDFLAGS) $(LIBCRYPTO_LIBS) +testrunner_LDADD += $(LIBCRYPTO_LDFLAGS) $(LIBCRYPTO_LIBS) +dnsdist_SOURCES += ipcipher.cc ipcipher.hh +endif + +if HAVE_LMDB +dnsdist_LDADD += $(LMDB_LDFLAGS) $(LMDB_LIBS) +testrunner_LDADD += $(LMDB_LDFLAGS) $(LMDB_LIBS) +dnsdist_SOURCES += ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh +testrunner_SOURCES += ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh +endif + +if HAVE_DNS_OVER_TLS +if HAVE_GNUTLS +dnsdist_LDADD += -lgnutls +endif +endif + +if HAVE_DNS_OVER_HTTPS + +if HAVE_LIBH2OEVLOOP +dnsdist_LDADD += $(LIBH2OEVLOOP_LIBS) +endif + +endif + +if HAVE_NGHTTP2 +dnsdist_LDADD += $(NGHTTP2_LDFLAGS) $(NGHTTP2_LIBS) +testrunner_LDADD += $(NGHTTP2_LDFLAGS) $(NGHTTP2_LIBS) +endif + +if !HAVE_LUA_HPP +BUILT_SOURCES += lua.hpp +nodist_dnsdist_SOURCES = lua.hpp +endif + +CLEANFILES += lua.hpp + +if HAVE_FREEBSD +dnsdist_SOURCES += kqueuemplexer.cc +testrunner_SOURCES += kqueuemplexer.cc +endif + +if HAVE_OPENBSD +dnsdist_SOURCES += kqueuemplexer.cc +testrunner_SOURCES += kqueuemplexer.cc +endif + +if HAVE_LINUX +dnsdist_SOURCES += epollmplexer.cc +testrunner_SOURCES += epollmplexer.cc +endif + +if HAVE_SOLARIS +dnsdist_SOURCES += \ + devpollmplexer.cc \ + portsmplexer.cc +testrunner_SOURCES += \ + devpollmplexer.cc \ + portsmplexer.cc +endif + +MANPAGES=dnsdist.1 + +dist_man_MANS=$(MANPAGES) + +if HAVE_VENV +if !HAVE_MANPAGES +$(MANPAGES): %: docs/manpages/%.rst .venv + $(AM_V_GEN).venv/bin/python -msphinx -b man docs . $< +endif # if !HAVE_MANPAGES + +.venv: docs/requirements.txt + $(PYTHON) -m venv .venv + .venv/bin/pip install -U pip setuptools setuptools-git wheel + .venv/bin/pip install -r $< + +latex/dnsdist.pdf: docs/** .venv + .venv/bin/python -msphinx -M latexpdf docs . + +dnsdist.pdf: latex/dnsdist.pdf + mv $< $@ + +html-docs.tar.bz2: html-docs + tar cjf $@ $< + +html-docs: docs/** .venv + .venv/bin/python -msphinx -b html docs html-docs + +all-docs: html-docs html-docs.tar.bz2 dnsdist.pdf + +upload-docs: all-docs + rsync -crv --delete --no-p --chmod=g=rwX --exclude '*~' ./html-docs/ web1.powerdns.com:/srv/www/dnsdist.org + rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./html-docs.tar.bz2 web1.powerdns.com:/srv/www/dnsdist.org + rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./dnsdist.pdf web1.powerdns.com:/srv/www/dnsdist.org + +else # if HAVE_VENV +$(MANPAGES): + @echo "You need Python 3 and the 'venv' module to generate the manpages" + exit 1 + +html-docs: %: docs/manpages/%.rst .venv + @echo "You need Python 3 and the 'venv' module to generate the HTML docs" + exit 1 + +dnsdist.pdf: + @echo "You need Python 3 and the 'venv' module to generate the PDF" + exit 1 +endif + +if HAVE_SYSTEMD +dnsdist.service: dnsdist.service.in + $(AM_V_GEN)sed -e 's![@]bindir[@]!$(bindir)!' -e 's![@]service_user[@]!$(service_user)!' -e 's![@]service_group[@]!$(service_group)!' < $< > $@ +if !HAVE_SYSTEMD_LOCK_PERSONALITY + $(AM_V_GEN)perl -ni -e 'print unless /^LockPersonality/' $@ +endif +if !HAVE_SYSTEMD_PRIVATE_DEVICES + $(AM_V_GEN)perl -ni -e 'print unless /^PrivateDevices/' $@ +endif +if !HAVE_SYSTEMD_PRIVATE_TMP + $(AM_V_GEN)perl -ni -e 'print unless /^PrivateTmp/' $@ +endif +if !HAVE_SYSTEMD_PRIVATE_USERS + $(AM_V_GEN)perl -ni -e 'print unless /^PrivateUsers/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_CLOCK + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectClock/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectControlGroups/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_HOME + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectHome/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_HOSTNAME + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectHostname/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_KERNEL_LOGS + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelLogs/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_KERNEL_MODULES + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelModules/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelTunables/' $@ +endif +if !HAVE_SYSTEMD_PROTECT_SYSTEM + $(AM_V_GEN)perl -ni -e 'print unless /^ProtectSystem/' $@ +endif +if !HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES + $(AM_V_GEN)perl -ni -e 'print unless /^RestrictAddressFamilies/' $@ +endif +if !HAVE_SYSTEMD_RESTRICT_NAMESPACES + $(AM_V_GEN)perl -ni -e 'print unless /^RestrictNamespaces/' $@ +endif +if !HAVE_SYSTEMD_RESTRICT_REALTIME + $(AM_V_GEN)perl -ni -e 'print unless /^RestrictRealtime/' $@ +endif +if !HAVE_SYSTEMD_RESTRICT_SUIDSGID + $(AM_V_GEN)perl -ni -e 'print unless /^RestrictSUIDSGID/' $@ +endif +if !HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES + $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallArchitectures/' $@ +endif +if !HAVE_SYSTEMD_SYSTEM_CALL_FILTER + $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallFilter/' $@ +endif + +dnsdist@.service: dnsdist.service + $(AM_V_GEN)sed -e 's!/dnsdist !&--config $(sysconfdir)/dnsdist-%i.conf !' \ + -e 's!RuntimeDirectory=.*!&-%i!' \ + -e 's!SyslogIdentifier=.*!&-%i!' \ + < $< >$@ + +systemdsystemunitdir = $(SYSTEMD_DIR) + +systemdsystemunit_DATA = \ + dnsdist.service \ + dnsdist@.service + +CLEANFILES += \ + dnsdist.service \ + dnsdist@.service +endif + +if !HAVE_LUA_HPP +include lua_hpp.mk +endif diff --git a/Makefile.in b/Makefile.in new file mode 100644 index 0000000..f14b5a3 --- /dev/null +++ b/Makefile.in @@ -0,0 +1,2500 @@ +# Makefile.in generated by automake 1.16.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2018 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + + +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ + +# Some versions of pkg_config add -std=c11++, override that +@HAVE_RE2_TRUE@am__append_1 = $(RE2_CFLAGS) -std=c++17 +@HAVE_DNS_OVER_TLS_TRUE@@HAVE_LIBSSL_TRUE@am__append_2 = $(LIBSSL_CFLAGS) +@HAVE_DNS_OVER_TLS_TRUE@@HAVE_GNUTLS_TRUE@am__append_3 = $(GNUTLS_CFLAGS) +@HAVE_LIBCRYPTO_TRUE@am__append_4 = $(LIBCRYPTO_INCLUDES) +@HAVE_CDB_TRUE@am__append_5 = $(CDB_CFLAGS) +@HAVE_LMDB_TRUE@am__append_6 = $(LMDB_CFLAGS) +@HAVE_DNS_OVER_HTTPS_TRUE@@HAVE_LIBSSL_TRUE@am__append_7 = $(LIBSSL_CFLAGS) +@HAVE_DNS_OVER_HTTPS_TRUE@@HAVE_LIBH2OEVLOOP_TRUE@am__append_8 = $(LIBH2OEVLOOP_CFLAGS) +bin_PROGRAMS = dnsdist$(EXEEXT) +@UNIT_TESTS_TRUE@noinst_PROGRAMS = testrunner$(EXEEXT) +@UNIT_TESTS_TRUE@TESTS = testrunner$(EXEEXT) +@HAVE_CDB_TRUE@am__append_9 = $(CDB_LDFLAGS) $(CDB_LIBS) +@HAVE_CDB_TRUE@am__append_10 = $(CDB_LDFLAGS) $(CDB_LIBS) +@HAVE_CDB_TRUE@am__append_11 = cdb.cc cdb.hh +@HAVE_CDB_TRUE@am__append_12 = cdb.cc cdb.hh +@HAVE_RE2_TRUE@am__append_13 = $(RE2_LIBS) +@HAVE_LIBSSL_TRUE@am__append_14 = $(LIBSSL_LIBS) +@HAVE_LIBCRYPTO_TRUE@am__append_15 = $(LIBCRYPTO_LDFLAGS) $(LIBCRYPTO_LIBS) +@HAVE_LIBCRYPTO_TRUE@am__append_16 = $(LIBCRYPTO_LDFLAGS) $(LIBCRYPTO_LIBS) +@HAVE_LIBCRYPTO_TRUE@am__append_17 = ipcipher.cc ipcipher.hh +@HAVE_LMDB_TRUE@am__append_18 = $(LMDB_LDFLAGS) $(LMDB_LIBS) +@HAVE_LMDB_TRUE@am__append_19 = $(LMDB_LDFLAGS) $(LMDB_LIBS) +@HAVE_LMDB_TRUE@am__append_20 = ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh +@HAVE_LMDB_TRUE@am__append_21 = ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh +@HAVE_DNS_OVER_TLS_TRUE@@HAVE_GNUTLS_TRUE@am__append_22 = -lgnutls +@HAVE_DNS_OVER_HTTPS_TRUE@@HAVE_LIBH2OEVLOOP_TRUE@am__append_23 = $(LIBH2OEVLOOP_LIBS) +@HAVE_NGHTTP2_TRUE@am__append_24 = $(NGHTTP2_LDFLAGS) $(NGHTTP2_LIBS) +@HAVE_NGHTTP2_TRUE@am__append_25 = $(NGHTTP2_LDFLAGS) $(NGHTTP2_LIBS) +@HAVE_LUA_HPP_FALSE@am__append_26 = lua.hpp +@HAVE_FREEBSD_TRUE@am__append_27 = kqueuemplexer.cc +@HAVE_FREEBSD_TRUE@am__append_28 = kqueuemplexer.cc +@HAVE_OPENBSD_TRUE@am__append_29 = kqueuemplexer.cc +@HAVE_OPENBSD_TRUE@am__append_30 = kqueuemplexer.cc +@HAVE_LINUX_TRUE@am__append_31 = epollmplexer.cc +@HAVE_LINUX_TRUE@am__append_32 = epollmplexer.cc +@HAVE_SOLARIS_TRUE@am__append_33 = \ +@HAVE_SOLARIS_TRUE@ devpollmplexer.cc \ +@HAVE_SOLARIS_TRUE@ portsmplexer.cc + +@HAVE_SOLARIS_TRUE@am__append_34 = \ +@HAVE_SOLARIS_TRUE@ devpollmplexer.cc \ +@HAVE_SOLARIS_TRUE@ portsmplexer.cc + +@HAVE_SYSTEMD_TRUE@am__append_35 = \ +@HAVE_SYSTEMD_TRUE@ dnsdist.service \ +@HAVE_SYSTEMD_TRUE@ dnsdist@.service + +subdir = . +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/m4/ac_pthread_set_name.m4 \ + $(top_srcdir)/m4/ax_arg_default_enable_disable.m4 \ + $(top_srcdir)/m4/ax_check_sign.m4 \ + $(top_srcdir)/m4/ax_compile_check_sizeof.m4 \ + $(top_srcdir)/m4/ax_cxx_compile_stdcxx.m4 \ + $(top_srcdir)/m4/ax_cxx_compile_stdcxx_17.m4 \ + $(top_srcdir)/m4/ax_python_module.m4 $(top_srcdir)/m4/boost.m4 \ + $(top_srcdir)/m4/dnsdist_enable_dnscrypt.m4 \ + $(top_srcdir)/m4/dnsdist_enable_doh.m4 \ + $(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \ + $(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \ + $(top_srcdir)/m4/lt~obsolete.m4 \ + $(top_srcdir)/m4/pdns_check_cdb.m4 \ + $(top_srcdir)/m4/pdns_check_clock_gettime.m4 \ + $(top_srcdir)/m4/pdns_check_dnstap.m4 \ + $(top_srcdir)/m4/pdns_check_libcrypto.m4 \ + $(top_srcdir)/m4/pdns_check_libedit.m4 \ + $(top_srcdir)/m4/pdns_check_libh2o_evloop.m4 \ + $(top_srcdir)/m4/pdns_check_lmdb.m4 \ + $(top_srcdir)/m4/pdns_check_lua_hpp.m4 \ + $(top_srcdir)/m4/pdns_check_network_libs.m4 \ + $(top_srcdir)/m4/pdns_check_os.m4 \ + $(top_srcdir)/m4/pdns_check_pthread_np.m4 \ + $(top_srcdir)/m4/pdns_check_python_venv.m4 \ + $(top_srcdir)/m4/pdns_check_ragel.m4 \ + $(top_srcdir)/m4/pdns_check_secure_memset.m4 \ + $(top_srcdir)/m4/pdns_check_time_t.m4 \ + $(top_srcdir)/m4/pdns_d_fortify_source.m4 \ + $(top_srcdir)/m4/pdns_enable_sanitizers.m4 \ + $(top_srcdir)/m4/pdns_enable_tls.m4 \ + $(top_srcdir)/m4/pdns_enable_unit_tests.m4 \ + $(top_srcdir)/m4/pdns_param_ssp_buffer_size.m4 \ + $(top_srcdir)/m4/pdns_pie.m4 $(top_srcdir)/m4/pdns_relro.m4 \ + $(top_srcdir)/m4/pdns_stack_protector.m4 \ + $(top_srcdir)/m4/pdns_with_ebpf.m4 \ + $(top_srcdir)/m4/pdns_with_gnutls.m4 \ + $(top_srcdir)/m4/pdns_with_libcap.m4 \ + $(top_srcdir)/m4/pdns_with_libsodium.m4 \ + $(top_srcdir)/m4/pdns_with_libssl.m4 \ + $(top_srcdir)/m4/pdns_with_lua.m4 \ + $(top_srcdir)/m4/pdns_with_net_snmp.m4 \ + $(top_srcdir)/m4/pdns_with_nghttp2.m4 \ + $(top_srcdir)/m4/pdns_with_re2.m4 \ + $(top_srcdir)/m4/pdns_with_service_user.m4 \ + $(top_srcdir)/m4/systemd.m4 $(top_srcdir)/m4/warnings.m4 \ + $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(top_srcdir)/configure \ + $(am__configure_deps) $(am__DIST_COMMON) +am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \ + configure.lineno config.status.lineno +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" \ + "$(DESTDIR)$(systemdsystemunitdir)" +PROGRAMS = $(bin_PROGRAMS) $(noinst_PROGRAMS) +am__dnsdist_SOURCES_DIST = ascii.hh base64.hh bpf-filter.cc \ + bpf-filter.hh cachecleaner.hh capabilities.cc capabilities.hh \ + circular_buffer.hh connection-management.hh credentials.cc \ + credentials.hh dns.cc dns.hh dnscrypt.cc dnscrypt.hh \ + dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ + dnsdist-carbon.cc dnsdist-console.cc dnsdist-console.hh \ + dnsdist-dnscrypt.cc dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh dnsdist-ecs.cc \ + dnsdist-ecs.hh dnsdist-healthchecks.cc dnsdist-healthchecks.hh \ + dnsdist-idstate.cc dnsdist-idstate.hh dnsdist-kvs.hh \ + dnsdist-kvs.cc dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ + dnsdist-lua-actions.cc dnsdist-lua-bindings-dnscrypt.cc \ + dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc \ + dnsdist-lua-bindings-packetcache.cc \ + dnsdist-lua-bindings-protobuf.cc dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh \ + dnsdist-lua-inspection-ffi.cc dnsdist-lua-inspection-ffi.hh \ + dnsdist-lua-inspection.cc dnsdist-lua-rules.cc \ + dnsdist-lua-vars.cc dnsdist-lua-web.cc dnsdist-lua.cc \ + dnsdist-lua.hh dnsdist-nghttp2.cc dnsdist-nghttp2.hh \ + dnsdist-prometheus.hh dnsdist-protobuf.cc dnsdist-protobuf.hh \ + dnsdist-protocols.cc dnsdist-protocols.hh \ + dnsdist-proxy-protocol.cc dnsdist-proxy-protocol.hh \ + dnsdist-rings.cc dnsdist-rings.hh dnsdist-rules.cc \ + dnsdist-rules.hh dnsdist-secpoll.cc dnsdist-secpoll.hh \ + dnsdist-session-cache.cc dnsdist-session-cache.hh \ + dnsdist-snmp.cc dnsdist-snmp.hh dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-systemd.cc dnsdist-systemd.hh \ + dnsdist-tcp-downstream.cc dnsdist-tcp-downstream.hh \ + dnsdist-tcp-upstream.hh dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-web.cc dnsdist-web.hh dnsdist-xpf.cc dnsdist-xpf.hh \ + dnsdist.cc dnsdist.hh dnslabeltext.cc dnsname.cc dnsname.hh \ + dnsparser.hh dnsparser.cc dnstap.cc dnstap.hh dnswriter.cc \ + dnswriter.hh doh.hh doh.cc dolog.hh ednscookies.cc \ + ednscookies.hh ednsoptions.cc ednsoptions.hh ednssubnet.cc \ + ednssubnet.hh ext/json11/json11.cpp ext/json11/json11.hpp \ + ext/libbpf/libbpf.h ext/luawrapper/include/LuaContext.hpp \ + fstrm_logger.cc fstrm_logger.hh gettime.cc gettime.hh \ + htmlfiles.h iputils.cc iputils.hh libssl.cc libssl.hh lock.hh \ + misc.cc misc.hh mplexer.hh namespaces.hh noinitvector.hh \ + packetcache.hh pdnsexception.hh pollmplexer.cc protozero.cc \ + protozero.hh proxy-protocol.cc proxy-protocol.hh qtype.cc \ + qtype.hh remote_logger.cc remote_logger.hh sholder.hh \ + snmp-agent.cc snmp-agent.hh sodcrypto.cc sodcrypto.hh \ + sstuff.hh stat_t.hh statnode.cc statnode.hh svc-records.cc \ + svc-records.hh tcpiohandler-mplexer.hh tcpiohandler.cc \ + tcpiohandler.hh threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh cdb.cc cdb.hh ipcipher.cc \ + ipcipher.hh ext/lmdb-safe/lmdb-safe.cc \ + ext/lmdb-safe/lmdb-safe.hh kqueuemplexer.cc epollmplexer.cc \ + devpollmplexer.cc portsmplexer.cc +am__dirstamp = $(am__leading_dot)dirstamp +@HAVE_CDB_TRUE@am__objects_1 = cdb.$(OBJEXT) +@HAVE_LIBCRYPTO_TRUE@am__objects_2 = ipcipher.$(OBJEXT) +@HAVE_LMDB_TRUE@am__objects_3 = ext/lmdb-safe/lmdb-safe.$(OBJEXT) +@HAVE_FREEBSD_TRUE@am__objects_4 = kqueuemplexer.$(OBJEXT) +@HAVE_OPENBSD_TRUE@am__objects_5 = kqueuemplexer.$(OBJEXT) +@HAVE_LINUX_TRUE@am__objects_6 = epollmplexer.$(OBJEXT) +@HAVE_SOLARIS_TRUE@am__objects_7 = devpollmplexer.$(OBJEXT) \ +@HAVE_SOLARIS_TRUE@ portsmplexer.$(OBJEXT) +am_dnsdist_OBJECTS = bpf-filter.$(OBJEXT) capabilities.$(OBJEXT) \ + credentials.$(OBJEXT) dns.$(OBJEXT) dnscrypt.$(OBJEXT) \ + dnsdist-backend.$(OBJEXT) dnsdist-cache.$(OBJEXT) \ + dnsdist-carbon.$(OBJEXT) dnsdist-console.$(OBJEXT) \ + dnsdist-dnscrypt.$(OBJEXT) dnsdist-dynblocks.$(OBJEXT) \ + dnsdist-dynbpf.$(OBJEXT) dnsdist-ecs.$(OBJEXT) \ + dnsdist-healthchecks.$(OBJEXT) dnsdist-idstate.$(OBJEXT) \ + dnsdist-kvs.$(OBJEXT) dnsdist-lbpolicies.$(OBJEXT) \ + dnsdist-lua-actions.$(OBJEXT) \ + dnsdist-lua-bindings-dnscrypt.$(OBJEXT) \ + dnsdist-lua-bindings-dnsquestion.$(OBJEXT) \ + dnsdist-lua-bindings-kvs.$(OBJEXT) \ + dnsdist-lua-bindings-packetcache.$(OBJEXT) \ + dnsdist-lua-bindings-protobuf.$(OBJEXT) \ + dnsdist-lua-bindings.$(OBJEXT) dnsdist-lua-ffi.$(OBJEXT) \ + dnsdist-lua-inspection-ffi.$(OBJEXT) \ + dnsdist-lua-inspection.$(OBJEXT) dnsdist-lua-rules.$(OBJEXT) \ + dnsdist-lua-vars.$(OBJEXT) dnsdist-lua-web.$(OBJEXT) \ + dnsdist-lua.$(OBJEXT) dnsdist-nghttp2.$(OBJEXT) \ + dnsdist-protobuf.$(OBJEXT) dnsdist-protocols.$(OBJEXT) \ + dnsdist-proxy-protocol.$(OBJEXT) dnsdist-rings.$(OBJEXT) \ + dnsdist-rules.$(OBJEXT) dnsdist-secpoll.$(OBJEXT) \ + dnsdist-session-cache.$(OBJEXT) dnsdist-snmp.$(OBJEXT) \ + dnsdist-svc.$(OBJEXT) dnsdist-systemd.$(OBJEXT) \ + dnsdist-tcp-downstream.$(OBJEXT) dnsdist-tcp.$(OBJEXT) \ + dnsdist-web.$(OBJEXT) dnsdist-xpf.$(OBJEXT) dnsdist.$(OBJEXT) \ + dnslabeltext.$(OBJEXT) dnsname.$(OBJEXT) dnsparser.$(OBJEXT) \ + dnstap.$(OBJEXT) dnswriter.$(OBJEXT) doh.$(OBJEXT) \ + ednscookies.$(OBJEXT) ednsoptions.$(OBJEXT) \ + ednssubnet.$(OBJEXT) ext/json11/json11.$(OBJEXT) \ + fstrm_logger.$(OBJEXT) gettime.$(OBJEXT) iputils.$(OBJEXT) \ + libssl.$(OBJEXT) misc.$(OBJEXT) pollmplexer.$(OBJEXT) \ + protozero.$(OBJEXT) proxy-protocol.$(OBJEXT) qtype.$(OBJEXT) \ + remote_logger.$(OBJEXT) snmp-agent.$(OBJEXT) \ + sodcrypto.$(OBJEXT) statnode.$(OBJEXT) svc-records.$(OBJEXT) \ + tcpiohandler.$(OBJEXT) threadname.$(OBJEXT) \ + uuid-utils.$(OBJEXT) xpf.$(OBJEXT) $(am__objects_1) \ + $(am__objects_2) $(am__objects_3) $(am__objects_4) \ + $(am__objects_5) $(am__objects_6) $(am__objects_7) +nodist_dnsdist_OBJECTS = +dnsdist_OBJECTS = $(am_dnsdist_OBJECTS) $(nodist_dnsdist_OBJECTS) +am__DEPENDENCIES_1 = +@HAVE_CDB_TRUE@am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1) +@HAVE_RE2_TRUE@am__DEPENDENCIES_3 = $(am__DEPENDENCIES_1) +@HAVE_LIBSSL_TRUE@am__DEPENDENCIES_4 = $(am__DEPENDENCIES_1) +@HAVE_LIBCRYPTO_TRUE@am__DEPENDENCIES_5 = $(am__DEPENDENCIES_1) \ +@HAVE_LIBCRYPTO_TRUE@ $(am__DEPENDENCIES_1) +@HAVE_LMDB_TRUE@am__DEPENDENCIES_6 = $(am__DEPENDENCIES_1) +@HAVE_DNS_OVER_HTTPS_TRUE@@HAVE_LIBH2OEVLOOP_TRUE@am__DEPENDENCIES_7 = $(am__DEPENDENCIES_1) +@HAVE_NGHTTP2_TRUE@am__DEPENDENCIES_8 = $(am__DEPENDENCIES_1) +dnsdist_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_3) \ + $(am__DEPENDENCIES_4) $(am__DEPENDENCIES_5) \ + $(am__DEPENDENCIES_6) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_7) $(am__DEPENDENCIES_8) +AM_V_lt = $(am__v_lt_@AM_V@) +am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) +am__v_lt_0 = --silent +am__v_lt_1 = +dnsdist_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(dnsdist_LDFLAGS) $(LDFLAGS) -o $@ +am__testrunner_SOURCES_DIST = base64.hh bpf-filter.cc bpf-filter.hh \ + cachecleaner.hh circular_buffer.hh connection-management.hh \ + credentials.cc credentials.hh dns.cc dns.hh dnscrypt.cc \ + dnscrypt.hh dnsdist-backend.cc dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh dnsdist-ecs.cc \ + dnsdist-ecs.hh dnsdist-idstate.cc dnsdist-idstate.hh \ + dnsdist-kvs.cc dnsdist-kvs.hh dnsdist-lbpolicies.cc \ + dnsdist-lbpolicies.hh dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh dnsdist-lua-vars.cc \ + dnsdist-nghttp2.cc dnsdist-nghttp2.hh dnsdist-protocols.cc \ + dnsdist-protocols.hh dnsdist-proxy-protocol.cc \ + dnsdist-proxy-protocol.hh dnsdist-rings.cc dnsdist-rings.hh \ + dnsdist-rules.cc dnsdist-rules.hh dnsdist-session-cache.cc \ + dnsdist-session-cache.hh dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-tcp-downstream.cc dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-xpf.cc dnsdist-xpf.hh dnsdist.hh dnslabeltext.cc \ + dnsname.cc dnsname.hh dnsparser.hh dnsparser.cc dnswriter.cc \ + dnswriter.hh dolog.hh ednscookies.cc ednscookies.hh \ + ednsoptions.cc ednsoptions.hh ednssubnet.cc ednssubnet.hh \ + ext/luawrapper/include/LuaContext.hpp gettime.cc gettime.hh \ + iputils.cc iputils.hh misc.cc misc.hh namespaces.hh \ + noinitvector.hh pdnsexception.hh pollmplexer.cc \ + proxy-protocol.cc proxy-protocol.hh qtype.cc qtype.hh \ + sholder.hh sodcrypto.cc sstuff.hh stat_t.hh statnode.cc \ + statnode.hh svc-records.cc svc-records.hh test-base64_cc.cc \ + test-connectionmanagement_hh.cc test-credentials_cc.cc \ + test-delaypipe_hh.cc test-dnscrypt_cc.cc \ + test-dnsdist-connections-cache.cc test-dnsdist_cc.cc \ + test-dnsdistdynblocks_hh.cc test-dnsdistkvs_cc.cc \ + test-dnsdistlbpolicies_cc.cc test-dnsdistnghttp2_cc.cc \ + test-dnsdistpacketcache_cc.cc test-dnsdistrings_cc.cc \ + test-dnsdistrules_cc.cc test-dnsdistsvc_cc.cc \ + test-dnsdisttcp_cc.cc test-dnsparser_cc.cc test-iputils_hh.cc \ + test-luawrapper.cc test-mplexer.cc test-proxy_protocol_cc.cc \ + testrunner.cc threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh cdb.cc cdb.hh \ + ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \ + kqueuemplexer.cc epollmplexer.cc devpollmplexer.cc \ + portsmplexer.cc +am_testrunner_OBJECTS = bpf-filter.$(OBJEXT) credentials.$(OBJEXT) \ + dns.$(OBJEXT) dnscrypt.$(OBJEXT) dnsdist-backend.$(OBJEXT) \ + dnsdist-cache.$(OBJEXT) dnsdist-dynblocks.$(OBJEXT) \ + dnsdist-dynbpf.$(OBJEXT) dnsdist-ecs.$(OBJEXT) \ + dnsdist-idstate.$(OBJEXT) dnsdist-kvs.$(OBJEXT) \ + dnsdist-lbpolicies.$(OBJEXT) \ + dnsdist-lua-bindings-dnsquestion.$(OBJEXT) \ + dnsdist-lua-bindings-kvs.$(OBJEXT) \ + dnsdist-lua-bindings.$(OBJEXT) dnsdist-lua-ffi.$(OBJEXT) \ + dnsdist-lua-vars.$(OBJEXT) dnsdist-nghttp2.$(OBJEXT) \ + dnsdist-protocols.$(OBJEXT) dnsdist-proxy-protocol.$(OBJEXT) \ + dnsdist-rings.$(OBJEXT) dnsdist-rules.$(OBJEXT) \ + dnsdist-session-cache.$(OBJEXT) dnsdist-svc.$(OBJEXT) \ + dnsdist-tcp-downstream.$(OBJEXT) dnsdist-tcp.$(OBJEXT) \ + dnsdist-xpf.$(OBJEXT) dnslabeltext.$(OBJEXT) dnsname.$(OBJEXT) \ + dnsparser.$(OBJEXT) dnswriter.$(OBJEXT) ednscookies.$(OBJEXT) \ + ednsoptions.$(OBJEXT) ednssubnet.$(OBJEXT) gettime.$(OBJEXT) \ + iputils.$(OBJEXT) misc.$(OBJEXT) pollmplexer.$(OBJEXT) \ + proxy-protocol.$(OBJEXT) qtype.$(OBJEXT) sodcrypto.$(OBJEXT) \ + statnode.$(OBJEXT) svc-records.$(OBJEXT) \ + test-base64_cc.$(OBJEXT) \ + test-connectionmanagement_hh.$(OBJEXT) \ + test-credentials_cc.$(OBJEXT) test-delaypipe_hh.$(OBJEXT) \ + test-dnscrypt_cc.$(OBJEXT) \ + test-dnsdist-connections-cache.$(OBJEXT) \ + test-dnsdist_cc.$(OBJEXT) test-dnsdistdynblocks_hh.$(OBJEXT) \ + test-dnsdistkvs_cc.$(OBJEXT) \ + test-dnsdistlbpolicies_cc.$(OBJEXT) \ + test-dnsdistnghttp2_cc.$(OBJEXT) \ + test-dnsdistpacketcache_cc.$(OBJEXT) \ + test-dnsdistrings_cc.$(OBJEXT) test-dnsdistrules_cc.$(OBJEXT) \ + test-dnsdistsvc_cc.$(OBJEXT) test-dnsdisttcp_cc.$(OBJEXT) \ + test-dnsparser_cc.$(OBJEXT) test-iputils_hh.$(OBJEXT) \ + test-luawrapper.$(OBJEXT) test-mplexer.$(OBJEXT) \ + test-proxy_protocol_cc.$(OBJEXT) testrunner.$(OBJEXT) \ + threadname.$(OBJEXT) uuid-utils.$(OBJEXT) xpf.$(OBJEXT) \ + $(am__objects_1) $(am__objects_3) $(am__objects_4) \ + $(am__objects_5) $(am__objects_6) $(am__objects_7) +testrunner_OBJECTS = $(am_testrunner_OBJECTS) +testrunner_DEPENDENCIES = $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_1) $(am__DEPENDENCIES_1) \ + $(am__DEPENDENCIES_2) $(am__DEPENDENCIES_5) \ + $(am__DEPENDENCIES_6) $(am__DEPENDENCIES_8) +testrunner_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(testrunner_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +DEFAULT_INCLUDES = -I.@am__isrc@ +depcomp = $(SHELL) $(top_srcdir)/depcomp +am__maybe_remake_depfiles = depfiles +am__depfiles_remade = ./$(DEPDIR)/bpf-filter.Po \ + ./$(DEPDIR)/capabilities.Po ./$(DEPDIR)/cdb.Po \ + ./$(DEPDIR)/credentials.Po ./$(DEPDIR)/devpollmplexer.Po \ + ./$(DEPDIR)/dns.Po ./$(DEPDIR)/dnscrypt.Po \ + ./$(DEPDIR)/dnsdist-backend.Po ./$(DEPDIR)/dnsdist-cache.Po \ + ./$(DEPDIR)/dnsdist-carbon.Po ./$(DEPDIR)/dnsdist-console.Po \ + ./$(DEPDIR)/dnsdist-dnscrypt.Po \ + ./$(DEPDIR)/dnsdist-dynblocks.Po ./$(DEPDIR)/dnsdist-dynbpf.Po \ + ./$(DEPDIR)/dnsdist-ecs.Po ./$(DEPDIR)/dnsdist-healthchecks.Po \ + ./$(DEPDIR)/dnsdist-idstate.Po ./$(DEPDIR)/dnsdist-kvs.Po \ + ./$(DEPDIR)/dnsdist-lbpolicies.Po \ + ./$(DEPDIR)/dnsdist-lua-actions.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings-dnscrypt.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings-dnsquestion.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings-kvs.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings-packetcache.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings-protobuf.Po \ + ./$(DEPDIR)/dnsdist-lua-bindings.Po \ + ./$(DEPDIR)/dnsdist-lua-ffi.Po \ + ./$(DEPDIR)/dnsdist-lua-inspection-ffi.Po \ + ./$(DEPDIR)/dnsdist-lua-inspection.Po \ + ./$(DEPDIR)/dnsdist-lua-rules.Po \ + ./$(DEPDIR)/dnsdist-lua-vars.Po ./$(DEPDIR)/dnsdist-lua-web.Po \ + ./$(DEPDIR)/dnsdist-lua.Po ./$(DEPDIR)/dnsdist-nghttp2.Po \ + ./$(DEPDIR)/dnsdist-protobuf.Po \ + ./$(DEPDIR)/dnsdist-protocols.Po \ + ./$(DEPDIR)/dnsdist-proxy-protocol.Po \ + ./$(DEPDIR)/dnsdist-rings.Po ./$(DEPDIR)/dnsdist-rules.Po \ + ./$(DEPDIR)/dnsdist-secpoll.Po \ + ./$(DEPDIR)/dnsdist-session-cache.Po \ + ./$(DEPDIR)/dnsdist-snmp.Po ./$(DEPDIR)/dnsdist-svc.Po \ + ./$(DEPDIR)/dnsdist-systemd.Po \ + ./$(DEPDIR)/dnsdist-tcp-downstream.Po \ + ./$(DEPDIR)/dnsdist-tcp.Po ./$(DEPDIR)/dnsdist-web.Po \ + ./$(DEPDIR)/dnsdist-xpf.Po ./$(DEPDIR)/dnsdist.Po \ + ./$(DEPDIR)/dnslabeltext.Po ./$(DEPDIR)/dnsname.Po \ + ./$(DEPDIR)/dnsparser.Po ./$(DEPDIR)/dnstap.Po \ + ./$(DEPDIR)/dnswriter.Po ./$(DEPDIR)/doh.Po \ + ./$(DEPDIR)/ednscookies.Po ./$(DEPDIR)/ednsoptions.Po \ + ./$(DEPDIR)/ednssubnet.Po ./$(DEPDIR)/epollmplexer.Po \ + ./$(DEPDIR)/fstrm_logger.Po ./$(DEPDIR)/gettime.Po \ + ./$(DEPDIR)/ipcipher.Po ./$(DEPDIR)/iputils.Po \ + ./$(DEPDIR)/kqueuemplexer.Po ./$(DEPDIR)/libssl.Po \ + ./$(DEPDIR)/misc.Po ./$(DEPDIR)/pollmplexer.Po \ + ./$(DEPDIR)/portsmplexer.Po ./$(DEPDIR)/protozero.Po \ + ./$(DEPDIR)/proxy-protocol.Po ./$(DEPDIR)/qtype.Po \ + ./$(DEPDIR)/remote_logger.Po ./$(DEPDIR)/snmp-agent.Po \ + ./$(DEPDIR)/sodcrypto.Po ./$(DEPDIR)/statnode.Po \ + ./$(DEPDIR)/svc-records.Po ./$(DEPDIR)/tcpiohandler.Po \ + ./$(DEPDIR)/test-base64_cc.Po \ + ./$(DEPDIR)/test-connectionmanagement_hh.Po \ + ./$(DEPDIR)/test-credentials_cc.Po \ + ./$(DEPDIR)/test-delaypipe_hh.Po \ + ./$(DEPDIR)/test-dnscrypt_cc.Po \ + ./$(DEPDIR)/test-dnsdist-connections-cache.Po \ + ./$(DEPDIR)/test-dnsdist_cc.Po \ + ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po \ + ./$(DEPDIR)/test-dnsdistkvs_cc.Po \ + ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po \ + ./$(DEPDIR)/test-dnsdistnghttp2_cc.Po \ + ./$(DEPDIR)/test-dnsdistpacketcache_cc.Po \ + ./$(DEPDIR)/test-dnsdistrings_cc.Po \ + ./$(DEPDIR)/test-dnsdistrules_cc.Po \ + ./$(DEPDIR)/test-dnsdistsvc_cc.Po \ + ./$(DEPDIR)/test-dnsdisttcp_cc.Po \ + ./$(DEPDIR)/test-dnsparser_cc.Po \ + ./$(DEPDIR)/test-iputils_hh.Po ./$(DEPDIR)/test-luawrapper.Po \ + ./$(DEPDIR)/test-mplexer.Po \ + ./$(DEPDIR)/test-proxy_protocol_cc.Po \ + ./$(DEPDIR)/testrunner.Po ./$(DEPDIR)/threadname.Po \ + ./$(DEPDIR)/uuid-utils.Po ./$(DEPDIR)/xpf.Po \ + ext/json11/$(DEPDIR)/json11.Po \ + ext/lmdb-safe/$(DEPDIR)/lmdb-safe.Po +am__mv = mv -f +CXXCOMPILE = $(CXX) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) \ + $(AM_CPPFLAGS) $(CPPFLAGS) $(AM_CXXFLAGS) $(CXXFLAGS) +LTCXXCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CXX) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CXXFLAGS) $(CXXFLAGS) +AM_V_CXX = $(am__v_CXX_@AM_V@) +am__v_CXX_ = $(am__v_CXX_@AM_DEFAULT_V@) +am__v_CXX_0 = @echo " CXX " $@; +am__v_CXX_1 = +CXXLD = $(CXX) +CXXLINK = $(LIBTOOL) $(AM_V_lt) --tag=CXX $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CXXLD) $(AM_CXXFLAGS) \ + $(CXXFLAGS) $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CXXLD = $(am__v_CXXLD_@AM_V@) +am__v_CXXLD_ = $(am__v_CXXLD_@AM_DEFAULT_V@) +am__v_CXXLD_0 = @echo " CXXLD " $@; +am__v_CXXLD_1 = +COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ + $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) +LTCOMPILE = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) \ + $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) \ + $(AM_CFLAGS) $(CFLAGS) +AM_V_CC = $(am__v_CC_@AM_V@) +am__v_CC_ = $(am__v_CC_@AM_DEFAULT_V@) +am__v_CC_0 = @echo " CC " $@; +am__v_CC_1 = +CCLD = $(CC) +LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ + $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ + $(AM_LDFLAGS) $(LDFLAGS) -o $@ +AM_V_CCLD = $(am__v_CCLD_@AM_V@) +am__v_CCLD_ = $(am__v_CCLD_@AM_DEFAULT_V@) +am__v_CCLD_0 = @echo " CCLD " $@; +am__v_CCLD_1 = +SOURCES = $(dnsdist_SOURCES) $(nodist_dnsdist_SOURCES) \ + $(testrunner_SOURCES) +DIST_SOURCES = $(am__dnsdist_SOURCES_DIST) \ + $(am__testrunner_SOURCES_DIST) +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +NROFF = nroff +MANS = $(dist_man_MANS) +DATA = $(systemdsystemunit_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + cscope check recheck distdir distdir-am dist dist-all \ + distcheck +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ + $(LISP)config.h.in +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +CSCOPE = cscope +am__tty_colors_dummy = \ + mgn= red= grn= lgn= blu= brg= std=; \ + am__color_tests=no +am__tty_colors = { \ + $(am__tty_colors_dummy); \ + if test "X$(AM_COLOR_TESTS)" = Xno; then \ + am__color_tests=no; \ + elif test "X$(AM_COLOR_TESTS)" = Xalways; then \ + am__color_tests=yes; \ + elif test "X$$TERM" != Xdumb && { test -t 1; } 2>/dev/null; then \ + am__color_tests=yes; \ + fi; \ + if test $$am__color_tests = yes; then \ + red=''; \ + grn=''; \ + lgn=''; \ + blu=''; \ + mgn=''; \ + brg=''; \ + std=''; \ + fi; \ +} +am__recheck_rx = ^[ ]*:recheck:[ ]* +am__global_test_result_rx = ^[ ]*:global-test-result:[ ]* +am__copy_in_global_log_rx = ^[ ]*:copy-in-global-log:[ ]* +# A command that, given a newline-separated list of test names on the +# standard input, print the name of the tests that are to be re-run +# upon "make recheck". +am__list_recheck_tests = $(AWK) '{ \ + recheck = 1; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + { \ + if ((getline line2 < ($$0 ".log")) < 0) \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[nN][Oo]/) \ + { \ + recheck = 0; \ + break; \ + } \ + else if (line ~ /$(am__recheck_rx)[yY][eE][sS]/) \ + { \ + break; \ + } \ + }; \ + if (recheck) \ + print $$0; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# A command that, given a newline-separated list of test names on the +# standard input, create the global log from their .trs and .log files. +am__create_global_log = $(AWK) ' \ +function fatal(msg) \ +{ \ + print "fatal: making $@: " msg | "cat >&2"; \ + exit 1; \ +} \ +function rst_section(header) \ +{ \ + print header; \ + len = length(header); \ + for (i = 1; i <= len; i = i + 1) \ + printf "="; \ + printf "\n\n"; \ +} \ +{ \ + copy_in_global_log = 1; \ + global_test_result = "RUN"; \ + while ((rc = (getline line < ($$0 ".trs"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".trs"); \ + if (line ~ /$(am__global_test_result_rx)/) \ + { \ + sub("$(am__global_test_result_rx)", "", line); \ + sub("[ ]*$$", "", line); \ + global_test_result = line; \ + } \ + else if (line ~ /$(am__copy_in_global_log_rx)[nN][oO]/) \ + copy_in_global_log = 0; \ + }; \ + if (copy_in_global_log) \ + { \ + rst_section(global_test_result ": " $$0); \ + while ((rc = (getline line < ($$0 ".log"))) != 0) \ + { \ + if (rc < 0) \ + fatal("failed to read from " $$0 ".log"); \ + print line; \ + }; \ + printf "\n"; \ + }; \ + close ($$0 ".trs"); \ + close ($$0 ".log"); \ +}' +# Restructured Text title. +am__rst_title = { sed 's/.*/ & /;h;s/./=/g;p;x;s/ *$$//;p;g' && echo; } +# Solaris 10 'make', and several other traditional 'make' implementations, +# pass "-e" to $(SHELL), and POSIX 2008 even requires this. Work around it +# by disabling -e (using the XSI extension "set +e") if it's set. +am__sh_e_setup = case $$- in *e*) set +e;; esac +# Default flags passed to test drivers. +am__common_driver_flags = \ + --color-tests "$$am__color_tests" \ + --enable-hard-errors "$$am__enable_hard_errors" \ + --expect-failure "$$am__expect_failure" +# To be inserted before the command running the test. Creates the +# directory for the log if needed. Stores in $dir the directory +# containing $f, in $tst the test, in $log the log. Executes the +# developer- defined test setup AM_TESTS_ENVIRONMENT (if any), and +# passes TESTS_ENVIRONMENT. Set up options for the wrapper that +# will run the test scripts (or their associated LOG_COMPILER, if +# thy have one). +am__check_pre = \ +$(am__sh_e_setup); \ +$(am__vpath_adj_setup) $(am__vpath_adj) \ +$(am__tty_colors); \ +srcdir=$(srcdir); export srcdir; \ +case "$@" in \ + */*) am__odir=`echo "./$@" | sed 's|/[^/]*$$||'`;; \ + *) am__odir=.;; \ +esac; \ +test "x$$am__odir" = x"." || test -d "$$am__odir" \ + || $(MKDIR_P) "$$am__odir" || exit $$?; \ +if test -f "./$$f"; then dir=./; \ +elif test -f "$$f"; then dir=; \ +else dir="$(srcdir)/"; fi; \ +tst=$$dir$$f; log='$@'; \ +if test -n '$(DISABLE_HARD_ERRORS)'; then \ + am__enable_hard_errors=no; \ +else \ + am__enable_hard_errors=yes; \ +fi; \ +case " $(XFAIL_TESTS) " in \ + *[\ \ ]$$f[\ \ ]* | *[\ \ ]$$dir$$f[\ \ ]*) \ + am__expect_failure=yes;; \ + *) \ + am__expect_failure=no;; \ +esac; \ +$(AM_TESTS_ENVIRONMENT) $(TESTS_ENVIRONMENT) +# A shell command to get the names of the tests scripts with any registered +# extension removed (i.e., equivalently, the names of the test logs, with +# the '.log' extension removed). The result is saved in the shell variable +# '$bases'. This honors runtime overriding of TESTS and TEST_LOGS. Sadly, +# we cannot use something simpler, involving e.g., "$(TEST_LOGS:.log=)", +# since that might cause problem with VPATH rewrites for suffix-less tests. +# See also 'test-harness-vpath-rewrite.sh' and 'test-trs-basic.sh'. +am__set_TESTS_bases = \ + bases='$(TEST_LOGS)'; \ + bases=`for i in $$bases; do echo $$i; done | sed 's/\.log$$//'`; \ + bases=`echo $$bases` +RECHECK_LOGS = $(TEST_LOGS) +TEST_SUITE_LOG = test-suite.log +TEST_EXTENSIONS = @EXEEXT@ .test +LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver +LOG_COMPILE = $(LOG_COMPILER) $(AM_LOG_FLAGS) $(LOG_FLAGS) +am__set_b = \ + case '$@' in \ + */*) \ + case '$*' in \ + */*) b='$*';; \ + *) b=`echo '$@' | sed 's/\.log$$//'`; \ + esac;; \ + *) \ + b='$*';; \ + esac +am__test_logs1 = $(TESTS:=.log) +am__test_logs2 = $(am__test_logs1:@EXEEXT@.log=.log) +TEST_LOGS = $(am__test_logs2:.test.log=.log) +TEST_LOG_DRIVER = $(SHELL) $(top_srcdir)/test-driver +TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \ + $(TEST_LOG_FLAGS) +DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(dist_man_MANS) $(srcdir)/Makefile.in \ + $(srcdir)/config.h.in $(srcdir)/lua_hpp.mk COPYING README \ + compile config.guess config.sub depcomp install-sh ltmain.sh \ + missing test-driver +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +distdir = $(PACKAGE)-$(VERSION) +top_distdir = $(distdir) +am__remove_distdir = \ + if test -d "$(distdir)"; then \ + find "$(distdir)" -type d ! -perm -200 -exec chmod u+w {} ';' \ + && rm -rf "$(distdir)" \ + || { sleep 5 && rm -rf "$(distdir)"; }; \ + else :; fi +am__post_remove_distdir = $(am__remove_distdir) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +GZIP_ENV = --best +DIST_ARCHIVES = $(distdir).tar.bz2 +DIST_TARGETS = dist-bzip2 +distuninstallcheck_listfiles = find . -type f -print +am__distuninstallcheck_listfiles = $(distuninstallcheck_listfiles) \ + | sed 's|^\./|$(prefix)/|' | grep -v '$(infodir)/dir$$' +distcleancheck_listfiles = find . -type f -print +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_CPPFLAGS = @AM_CPPFLAGS@ $(SYSTEMD_CFLAGS) $(LUA_CFLAGS) \ + $(LIBEDIT_CFLAGS) $(LIBSODIUM_CFLAGS) $(FSTRM_CFLAGS) \ + $(YAHTTP_CFLAGS) $(NET_SNMP_CFLAGS) $(NGHTTP2_CFLAGS) \ + $(LIBCAP_CFLAGS) -I$(top_srcdir)/ext/protozero/include \ + -DSYSCONFDIR=\"${sysconfdir}\" \ + -DBOOST_CONTAINER_USE_STD_EXCEPTIONS $(am__append_1) \ + $(am__append_2) $(am__append_3) $(am__append_4) \ + $(am__append_5) $(am__append_6) $(am__append_7) \ + $(am__append_8) +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +AR = @AR@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BOOST_CPPFLAGS = @BOOST_CPPFLAGS@ +BOOST_LDPATH = @BOOST_LDPATH@ +BOOST_ROOT = @BOOST_ROOT@ +BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS = @BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS@ +BOOST_UNIT_TEST_FRAMEWORK_LDPATH = @BOOST_UNIT_TEST_FRAMEWORK_LDPATH@ +BOOST_UNIT_TEST_FRAMEWORK_LIBS = @BOOST_UNIT_TEST_FRAMEWORK_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CDB_CFLAGS = @CDB_CFLAGS@ +CDB_LIBS = @CDB_LIBS@ +CFLAGS = @CFLAGS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CXX = @CXX@ +CXXCPP = @CXXCPP@ +CXXDEPMODE = @CXXDEPMODE@ +CXXFLAGS = @CXXFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DISTCHECK_CONFIGURE_FLAGS = @DISTCHECK_CONFIGURE_FLAGS@ +DLLTOOL = @DLLTOOL@ +DSYMUTIL = @DSYMUTIL@ +DUMPBIN = @DUMPBIN@ +DYNLINKFLAGS = @DYNLINKFLAGS@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +FGREP = @FGREP@ +FSTRM_CFLAGS = @FSTRM_CFLAGS@ +FSTRM_LIBS = @FSTRM_LIBS@ +GNUTLS_CFLAGS = @GNUTLS_CFLAGS@ +GNUTLS_LIBS = @GNUTLS_LIBS@ +GREP = @GREP@ +HAVE_CXX17 = @HAVE_CXX17@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +IPCRYPT_CFLAGS = @IPCRYPT_CFLAGS@ +IPCRYPT_LIBS = @IPCRYPT_LIBS@ +LD = @LD@ +LDFLAGS = @LDFLAGS@ +LIBCAP_CFLAGS = @LIBCAP_CFLAGS@ +LIBCAP_LIBS = @LIBCAP_LIBS@ +LIBCRYPTO_INCLUDES = @LIBCRYPTO_INCLUDES@ +LIBCRYPTO_LDFLAGS = @LIBCRYPTO_LDFLAGS@ +LIBCRYPTO_LIBS = @LIBCRYPTO_LIBS@ +LIBEDIT_CFLAGS = @LIBEDIT_CFLAGS@ +LIBEDIT_LIBS = @LIBEDIT_LIBS@ +LIBH2OEVLOOP_CFLAGS = @LIBH2OEVLOOP_CFLAGS@ +LIBH2OEVLOOP_LIBS = @LIBH2OEVLOOP_LIBS@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LIBSODIUM_CFLAGS = @LIBSODIUM_CFLAGS@ +LIBSODIUM_LIBS = @LIBSODIUM_LIBS@ +LIBSSL_CFLAGS = @LIBSSL_CFLAGS@ +LIBSSL_LIBS = @LIBSSL_LIBS@ +LIBTOOL = @LIBTOOL@ +LIPO = @LIPO@ +LMDB_CFLAGS = @LMDB_CFLAGS@ +LMDB_LIBS = @LMDB_LIBS@ +LN_S = @LN_S@ +LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBS = @LUA_LIBS@ +MAKEINFO = @MAKEINFO@ +MANIFEST_TOOL = @MANIFEST_TOOL@ +MKDIR_P = @MKDIR_P@ +NET_SNMP_CFLAGS = @NET_SNMP_CFLAGS@ +NET_SNMP_LIBS = @NET_SNMP_LIBS@ +NGHTTP2_CFLAGS = @NGHTTP2_CFLAGS@ +NGHTTP2_LIBS = @NGHTTP2_LIBS@ +NM = @NM@ +NMEDIT = @NMEDIT@ +OBJDUMP = @OBJDUMP@ +OBJEXT = @OBJEXT@ +OTOOL = @OTOOL@ +OTOOL64 = @OTOOL64@ +PACKAGE = @PACKAGE@ +PACKAGEVERSION = @PACKAGEVERSION@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PIE_CFLAGS = @PIE_CFLAGS@ +PIE_LDFLAGS = @PIE_LDFLAGS@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PROGRAM_LDFLAGS = @PROGRAM_LDFLAGS@ +PYTHON = @PYTHON@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RAGEL = @RAGEL@ +RANLIB = @RANLIB@ +RE2_CFLAGS = @RE2_CFLAGS@ +RE2_LIBS = @RE2_LIBS@ +RELRO_LDFLAGS = @RELRO_LDFLAGS@ +RT_LIBS = @RT_LIBS@ +SANITIZER_FLAGS = @SANITIZER_FLAGS@ +SED = @SED@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSTEMCTL = @SYSTEMCTL@ +SYSTEMD_CFLAGS = @SYSTEMD_CFLAGS@ +SYSTEMD_DIR = @SYSTEMD_DIR@ +SYSTEMD_LIBS = @SYSTEMD_LIBS@ +SYSTEMD_MODULES_LOAD = @SYSTEMD_MODULES_LOAD@ +THREADFLAGS = @THREADFLAGS@ +VERSION = @VERSION@ +WARN_CFLAGS = @WARN_CFLAGS@ +YAHTTP_CFLAGS = @YAHTTP_CFLAGS@ +YAHTTP_LIBS = @YAHTTP_LIBS@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_AR = @ac_ct_AR@ +ac_ct_CC = @ac_ct_CC@ +ac_ct_CXX = @ac_ct_CXX@ +ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +docdir = @docdir@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +service_group = @service_group@ +service_user = @service_user@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +systemd = @systemd@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +ACLOCAL_AMFLAGS = -I m4 +SUBDIRS = ext/ipcrypt \ + ext/yahttp + +CLEANFILES = htmlfiles.h.tmp htmlfiles.h dnsdist-lua-ffi-interface.inc \ + lua.hpp $(am__append_35) +BUILT_SOURCES = htmlfiles.h dnsdist-lua-ffi-interface.inc \ + dnslabeltext.cc $(am__append_26) +SRC_JS_FILES := $(wildcard src_js/*.js) +MIN_JS_FILES := $(patsubst src_js/%.js,html/js/%.min.js,$(SRC_JS_FILES)) +EXTRA_DIST = COPYING \ + dnslabeltext.rl \ + dnsdistconf.lua \ + dnsmessage.proto \ + dnstap.proto \ + README.md \ + delaypipe.cc delaypipe.hh \ + html \ + incfiles \ + src_js \ + dnsdist.service.in \ + lua_hpp.mk \ + bpf-filter.main.ebpf \ + bpf-filter.qname.ebpf \ + bpf-filter.ebpf.src \ + DNSDIST-MIB.txt \ + devpollmplexer.cc \ + epollmplexer.cc \ + kqueuemplexer.cc \ + portsmplexer.cc \ + cdb.cc cdb.hh \ + ext/lmdb-safe/lmdb-safe.cc ext/lmdb-safe/lmdb-safe.hh \ + ext/protozero/include/* \ + builder-support/gen-version + +@UNIT_TESTS_TRUE@TESTS_ENVIRONMENT = env BOOST_TEST_LOG_LEVEL=message SRCDIR='$(srcdir)' +dnsdist_SOURCES = ascii.hh base64.hh bpf-filter.cc bpf-filter.hh \ + cachecleaner.hh capabilities.cc capabilities.hh \ + circular_buffer.hh connection-management.hh credentials.cc \ + credentials.hh dns.cc dns.hh dnscrypt.cc dnscrypt.hh \ + dnsdist-backend.cc dnsdist-cache.cc dnsdist-cache.hh \ + dnsdist-carbon.cc dnsdist-console.cc dnsdist-console.hh \ + dnsdist-dnscrypt.cc dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh dnsdist-ecs.cc \ + dnsdist-ecs.hh dnsdist-healthchecks.cc dnsdist-healthchecks.hh \ + dnsdist-idstate.cc dnsdist-idstate.hh dnsdist-kvs.hh \ + dnsdist-kvs.cc dnsdist-lbpolicies.cc dnsdist-lbpolicies.hh \ + dnsdist-lua-actions.cc dnsdist-lua-bindings-dnscrypt.cc \ + dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc \ + dnsdist-lua-bindings-packetcache.cc \ + dnsdist-lua-bindings-protobuf.cc dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh \ + dnsdist-lua-inspection-ffi.cc dnsdist-lua-inspection-ffi.hh \ + dnsdist-lua-inspection.cc dnsdist-lua-rules.cc \ + dnsdist-lua-vars.cc dnsdist-lua-web.cc dnsdist-lua.cc \ + dnsdist-lua.hh dnsdist-nghttp2.cc dnsdist-nghttp2.hh \ + dnsdist-prometheus.hh dnsdist-protobuf.cc dnsdist-protobuf.hh \ + dnsdist-protocols.cc dnsdist-protocols.hh \ + dnsdist-proxy-protocol.cc dnsdist-proxy-protocol.hh \ + dnsdist-rings.cc dnsdist-rings.hh dnsdist-rules.cc \ + dnsdist-rules.hh dnsdist-secpoll.cc dnsdist-secpoll.hh \ + dnsdist-session-cache.cc dnsdist-session-cache.hh \ + dnsdist-snmp.cc dnsdist-snmp.hh dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-systemd.cc dnsdist-systemd.hh \ + dnsdist-tcp-downstream.cc dnsdist-tcp-downstream.hh \ + dnsdist-tcp-upstream.hh dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-web.cc dnsdist-web.hh dnsdist-xpf.cc dnsdist-xpf.hh \ + dnsdist.cc dnsdist.hh dnslabeltext.cc dnsname.cc dnsname.hh \ + dnsparser.hh dnsparser.cc dnstap.cc dnstap.hh dnswriter.cc \ + dnswriter.hh doh.hh doh.cc dolog.hh ednscookies.cc \ + ednscookies.hh ednsoptions.cc ednsoptions.hh ednssubnet.cc \ + ednssubnet.hh ext/json11/json11.cpp ext/json11/json11.hpp \ + ext/libbpf/libbpf.h ext/luawrapper/include/LuaContext.hpp \ + fstrm_logger.cc fstrm_logger.hh gettime.cc gettime.hh \ + htmlfiles.h iputils.cc iputils.hh libssl.cc libssl.hh lock.hh \ + misc.cc misc.hh mplexer.hh namespaces.hh noinitvector.hh \ + packetcache.hh pdnsexception.hh pollmplexer.cc protozero.cc \ + protozero.hh proxy-protocol.cc proxy-protocol.hh qtype.cc \ + qtype.hh remote_logger.cc remote_logger.hh sholder.hh \ + snmp-agent.cc snmp-agent.hh sodcrypto.cc sodcrypto.hh \ + sstuff.hh stat_t.hh statnode.cc statnode.hh svc-records.cc \ + svc-records.hh tcpiohandler-mplexer.hh tcpiohandler.cc \ + tcpiohandler.hh threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh $(am__append_11) $(am__append_17) \ + $(am__append_20) $(am__append_27) $(am__append_29) \ + $(am__append_31) $(am__append_33) +testrunner_SOURCES = base64.hh bpf-filter.cc bpf-filter.hh \ + cachecleaner.hh circular_buffer.hh connection-management.hh \ + credentials.cc credentials.hh dns.cc dns.hh dnscrypt.cc \ + dnscrypt.hh dnsdist-backend.cc dnsdist-cache.cc \ + dnsdist-cache.hh dnsdist-dynblocks.cc dnsdist-dynblocks.hh \ + dnsdist-dynbpf.cc dnsdist-dynbpf.hh dnsdist-ecs.cc \ + dnsdist-ecs.hh dnsdist-idstate.cc dnsdist-idstate.hh \ + dnsdist-kvs.cc dnsdist-kvs.hh dnsdist-lbpolicies.cc \ + dnsdist-lbpolicies.hh dnsdist-lua-bindings-dnsquestion.cc \ + dnsdist-lua-bindings-kvs.cc dnsdist-lua-bindings.cc \ + dnsdist-lua-ffi-interface.h dnsdist-lua-ffi-interface.inc \ + dnsdist-lua-ffi.cc dnsdist-lua-ffi.hh dnsdist-lua-vars.cc \ + dnsdist-nghttp2.cc dnsdist-nghttp2.hh dnsdist-protocols.cc \ + dnsdist-protocols.hh dnsdist-proxy-protocol.cc \ + dnsdist-proxy-protocol.hh dnsdist-rings.cc dnsdist-rings.hh \ + dnsdist-rules.cc dnsdist-rules.hh dnsdist-session-cache.cc \ + dnsdist-session-cache.hh dnsdist-svc.cc dnsdist-svc.hh \ + dnsdist-tcp-downstream.cc dnsdist-tcp.cc dnsdist-tcp.hh \ + dnsdist-xpf.cc dnsdist-xpf.hh dnsdist.hh dnslabeltext.cc \ + dnsname.cc dnsname.hh dnsparser.hh dnsparser.cc dnswriter.cc \ + dnswriter.hh dolog.hh ednscookies.cc ednscookies.hh \ + ednsoptions.cc ednsoptions.hh ednssubnet.cc ednssubnet.hh \ + ext/luawrapper/include/LuaContext.hpp gettime.cc gettime.hh \ + iputils.cc iputils.hh misc.cc misc.hh namespaces.hh \ + noinitvector.hh pdnsexception.hh pollmplexer.cc \ + proxy-protocol.cc proxy-protocol.hh qtype.cc qtype.hh \ + sholder.hh sodcrypto.cc sstuff.hh stat_t.hh statnode.cc \ + statnode.hh svc-records.cc svc-records.hh test-base64_cc.cc \ + test-connectionmanagement_hh.cc test-credentials_cc.cc \ + test-delaypipe_hh.cc test-dnscrypt_cc.cc \ + test-dnsdist-connections-cache.cc test-dnsdist_cc.cc \ + test-dnsdistdynblocks_hh.cc test-dnsdistkvs_cc.cc \ + test-dnsdistlbpolicies_cc.cc test-dnsdistnghttp2_cc.cc \ + test-dnsdistpacketcache_cc.cc test-dnsdistrings_cc.cc \ + test-dnsdistrules_cc.cc test-dnsdistsvc_cc.cc \ + test-dnsdisttcp_cc.cc test-dnsparser_cc.cc test-iputils_hh.cc \ + test-luawrapper.cc test-mplexer.cc test-proxy_protocol_cc.cc \ + testrunner.cc threadname.hh threadname.cc uuid-utils.hh \ + uuid-utils.cc xpf.cc xpf.hh $(am__append_12) $(am__append_21) \ + $(am__append_28) $(am__append_30) $(am__append_32) \ + $(am__append_34) +dnsdist_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(PROGRAM_LDFLAGS) \ + -pthread + +dnsdist_LDADD = $(LUA_LIBS) $(LIBEDIT_LIBS) $(RT_LIBS) $(YAHTTP_LIBS) \ + $(LIBSODIUM_LIBS) $(FSTRM_LIBS) $(SYSTEMD_LIBS) \ + $(NET_SNMP_LIBS) $(LIBCAP_LIBS) $(IPCRYPT_LIBS) \ + $(am__append_9) $(am__append_13) $(am__append_14) \ + $(am__append_15) $(am__append_18) $(am__append_22) \ + $(am__append_23) $(am__append_24) +testrunner_LDFLAGS = \ + $(AM_LDFLAGS) \ + $(PROGRAM_LDFLAGS) \ + $(BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS) \ + -pthread + +testrunner_LDADD = $(BOOST_UNIT_TEST_FRAMEWORK_LIBS) $(FSTRM_LIBS) \ + $(LIBSODIUM_LIBS) $(LUA_LIBS) $(RT_LIBS) $(LIBCAP_LIBS) \ + $(am__append_10) $(am__append_16) $(am__append_19) \ + $(am__append_25) +@HAVE_LUA_HPP_FALSE@nodist_dnsdist_SOURCES = lua.hpp +MANPAGES = dnsdist.1 +dist_man_MANS = $(MANPAGES) +@HAVE_SYSTEMD_TRUE@systemdsystemunitdir = $(SYSTEMD_DIR) +@HAVE_SYSTEMD_TRUE@systemdsystemunit_DATA = \ +@HAVE_SYSTEMD_TRUE@ dnsdist.service \ +@HAVE_SYSTEMD_TRUE@ dnsdist@.service + +all: $(BUILT_SOURCES) config.h + $(MAKE) $(AM_MAKEFLAGS) all-recursive + +.SUFFIXES: +.SUFFIXES: .cc .cpp .lo .log .o .obj .test .test$(EXEEXT) .trs +am--refresh: Makefile + @: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(srcdir)/lua_hpp.mk $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + echo ' cd $(srcdir) && $(AUTOMAKE) --foreign'; \ + $(am__cd) $(srcdir) && $(AUTOMAKE) --foreign \ + && exit 0; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --foreign Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + echo ' $(SHELL) ./config.status'; \ + $(SHELL) ./config.status;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $@ $(am__maybe_remake_depfiles);; \ + esac; +$(srcdir)/lua_hpp.mk $(am__empty): + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + $(SHELL) ./config.status --recheck + +$(top_srcdir)/configure: $(am__configure_deps) + $(am__cd) $(srcdir) && $(AUTOCONF) +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + $(am__cd) $(srcdir) && $(ACLOCAL) $(ACLOCAL_AMFLAGS) +$(am__aclocal_m4_deps): + +config.h: stamp-h1 + @test -f $@ || rm -f stamp-h1 + @test -f $@ || $(MAKE) $(AM_MAKEFLAGS) stamp-h1 + +stamp-h1: $(srcdir)/config.h.in $(top_builddir)/config.status + @rm -f stamp-h1 + cd $(top_builddir) && $(SHELL) ./config.status config.h +$(srcdir)/config.h.in: $(am__configure_deps) + ($(am__cd) $(top_srcdir) && $(AUTOHEADER)) + rm -f stamp-h1 + touch $@ + +distclean-hdr: + -rm -f config.h stamp-h1 +install-binPROGRAMS: $(bin_PROGRAMS) + @$(NORMAL_INSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \ + fi; \ + for p in $$list; do echo "$$p $$p"; done | \ + sed 's/$(EXEEXT)$$//' | \ + while read p p1; do if test -f $$p \ + || test -f $$p1 \ + ; then echo "$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n;h' \ + -e 's|.*|.|' \ + -e 'p;x;s,.*/,,;s/$(EXEEXT)$$//;$(transform);s/$$/$(EXEEXT)/' | \ + sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1 } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) files[d] = files[d] " " $$1; \ + else { print "f", $$3 "/" $$4, $$1; } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files '$(DESTDIR)$(bindir)$$dir'"; \ + $(INSTALL_PROGRAM_ENV) $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL_PROGRAM) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-binPROGRAMS: + @$(NORMAL_UNINSTALL) + @list='$(bin_PROGRAMS)'; test -n "$(bindir)" || list=; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 'h;s,^.*/,,;s/$(EXEEXT)$$//;$(transform)' \ + -e 's/$$/$(EXEEXT)/' \ + `; \ + test -n "$$list" || exit 0; \ + echo " ( cd '$(DESTDIR)$(bindir)' && rm -f" $$files ")"; \ + cd "$(DESTDIR)$(bindir)" && rm -f $$files + +clean-binPROGRAMS: + @list='$(bin_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list + +clean-noinstPROGRAMS: + @list='$(noinst_PROGRAMS)'; test -n "$$list" || exit 0; \ + echo " rm -f" $$list; \ + rm -f $$list || exit $$?; \ + test -n "$(EXEEXT)" || exit 0; \ + list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ + echo " rm -f" $$list; \ + rm -f $$list +ext/json11/$(am__dirstamp): + @$(MKDIR_P) ext/json11 + @: > ext/json11/$(am__dirstamp) +ext/json11/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ext/json11/$(DEPDIR) + @: > ext/json11/$(DEPDIR)/$(am__dirstamp) +ext/json11/json11.$(OBJEXT): ext/json11/$(am__dirstamp) \ + ext/json11/$(DEPDIR)/$(am__dirstamp) +ext/lmdb-safe/$(am__dirstamp): + @$(MKDIR_P) ext/lmdb-safe + @: > ext/lmdb-safe/$(am__dirstamp) +ext/lmdb-safe/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ext/lmdb-safe/$(DEPDIR) + @: > ext/lmdb-safe/$(DEPDIR)/$(am__dirstamp) +ext/lmdb-safe/lmdb-safe.$(OBJEXT): ext/lmdb-safe/$(am__dirstamp) \ + ext/lmdb-safe/$(DEPDIR)/$(am__dirstamp) + +dnsdist$(EXEEXT): $(dnsdist_OBJECTS) $(dnsdist_DEPENDENCIES) $(EXTRA_dnsdist_DEPENDENCIES) + @rm -f dnsdist$(EXEEXT) + $(AM_V_CXXLD)$(dnsdist_LINK) $(dnsdist_OBJECTS) $(dnsdist_LDADD) $(LIBS) + +testrunner$(EXEEXT): $(testrunner_OBJECTS) $(testrunner_DEPENDENCIES) $(EXTRA_testrunner_DEPENDENCIES) + @rm -f testrunner$(EXEEXT) + $(AM_V_CXXLD)$(testrunner_LINK) $(testrunner_OBJECTS) $(testrunner_LDADD) $(LIBS) + +mostlyclean-compile: + -rm -f *.$(OBJEXT) + -rm -f ext/json11/*.$(OBJEXT) + -rm -f ext/lmdb-safe/*.$(OBJEXT) + +distclean-compile: + -rm -f *.tab.c + +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/bpf-filter.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/capabilities.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/cdb.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/credentials.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/devpollmplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dns.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnscrypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-backend.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-cache.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-carbon.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-console.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-dnscrypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-dynblocks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-dynbpf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-ecs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-healthchecks.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-idstate.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-kvs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lbpolicies.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-actions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings-dnscrypt.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings-dnsquestion.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings-kvs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings-packetcache.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings-protobuf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-bindings.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-ffi.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-inspection-ffi.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-inspection.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-rules.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-vars.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua-web.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-lua.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-nghttp2.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-protobuf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-protocols.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-proxy-protocol.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-rings.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-rules.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-secpoll.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-session-cache.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-snmp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-svc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-systemd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-tcp-downstream.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-tcp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-web.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist-xpf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsdist.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnslabeltext.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsname.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnsparser.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnstap.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/dnswriter.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/doh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ednscookies.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ednsoptions.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ednssubnet.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/epollmplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/fstrm_logger.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/gettime.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ipcipher.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/iputils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/kqueuemplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/libssl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/misc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pollmplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/portsmplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/protozero.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/proxy-protocol.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/qtype.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/remote_logger.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/snmp-agent.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sodcrypto.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/statnode.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/svc-records.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/tcpiohandler.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-base64_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-connectionmanagement_hh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-credentials_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-delaypipe_hh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnscrypt_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdist-connections-cache.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdist_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistdynblocks_hh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistkvs_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistnghttp2_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistpacketcache_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistrings_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistrules_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdistsvc_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsdisttcp_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-dnsparser_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-iputils_hh.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-luawrapper.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-mplexer.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/test-proxy_protocol_cc.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testrunner.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/threadname.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuid-utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/xpf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ext/json11/$(DEPDIR)/json11.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@ext/lmdb-safe/$(DEPDIR)/lmdb-safe.Po@am__quote@ # am--include-marker + +$(am__depfiles_remade): + @$(MKDIR_P) $(@D) + @echo '# dummy' >$@-t && $(am__mv) $@-t $@ + +am--depfiles: $(am__depfiles_remade) + +.cc.o: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ $< + +.cc.obj: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cc.lo: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LTCXXCOMPILE) -c -o $@ $< + +.cpp.o: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.o$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ $< + +.cpp.obj: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.obj$$||'`;\ +@am__fastdepCXX_TRUE@ $(CXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ `$(CYGPATH_W) '$<'` &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Po +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(CXXCOMPILE) -c -o $@ `$(CYGPATH_W) '$<'` + +.cpp.lo: +@am__fastdepCXX_TRUE@ $(AM_V_CXX)depbase=`echo $@ | sed 's|[^/]*$$|$(DEPDIR)/&|;s|\.lo$$||'`;\ +@am__fastdepCXX_TRUE@ $(LTCXXCOMPILE) -MT $@ -MD -MP -MF $$depbase.Tpo -c -o $@ $< &&\ +@am__fastdepCXX_TRUE@ $(am__mv) $$depbase.Tpo $$depbase.Plo +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ $(AM_V_CXX)source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCXX_FALSE@ DEPDIR=$(DEPDIR) $(CXXDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCXX_FALSE@ $(AM_V_CXX@am__nodep@)$(LTCXXCOMPILE) -c -o $@ $< + +mostlyclean-libtool: + -rm -f *.lo + +clean-libtool: + -rm -rf .libs _libs + +distclean-libtool: + -rm -f libtool config.lt +install-man1: $(dist_man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(dist_man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(dist_man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-systemdsystemunitDATA: $(systemdsystemunit_DATA) + @$(NORMAL_INSTALL) + @list='$(systemdsystemunit_DATA)'; test -n "$(systemdsystemunitdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(systemdsystemunitdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(systemdsystemunitdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(systemdsystemunitdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(systemdsystemunitdir)" || exit $$?; \ + done + +uninstall-systemdsystemunitDATA: + @$(NORMAL_UNINSTALL) + @list='$(systemdsystemunit_DATA)'; test -n "$(systemdsystemunitdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(systemdsystemunitdir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscope: cscope.files + test ! -s cscope.files \ + || $(CSCOPE) -b -q $(AM_CSCOPEFLAGS) $(CSCOPEFLAGS) -i cscope.files $(CSCOPE_ARGS) +clean-cscope: + -rm -f cscope.files +cscope.files: clean-cscope cscopelist +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + -rm -f cscope.out cscope.in.out cscope.po.out cscope.files + +# Recover from deleted '.trs' file; this should ensure that +# "rm -f foo.log; make foo.trs" re-run 'foo.test', and re-create +# both 'foo.log' and 'foo.trs'. Break the recipe in two subshells +# to avoid problems with "make -n". +.log.trs: + rm -f $< $@ + $(MAKE) $(AM_MAKEFLAGS) $< + +# Leading 'am--fnord' is there to ensure the list of targets does not +# expand to empty, as could happen e.g. with make check TESTS=''. +am--fnord $(TEST_LOGS) $(TEST_LOGS:.log=.trs): $(am__force_recheck) +am--force-recheck: + @: + +$(TEST_SUITE_LOG): $(TEST_LOGS) + @$(am__set_TESTS_bases); \ + am__f_ok () { test -f "$$1" && test -r "$$1"; }; \ + redo_bases=`for i in $$bases; do \ + am__f_ok $$i.trs && am__f_ok $$i.log || echo $$i; \ + done`; \ + if test -n "$$redo_bases"; then \ + redo_logs=`for i in $$redo_bases; do echo $$i.log; done`; \ + redo_results=`for i in $$redo_bases; do echo $$i.trs; done`; \ + if $(am__make_dryrun); then :; else \ + rm -f $$redo_logs && rm -f $$redo_results || exit 1; \ + fi; \ + fi; \ + if test -n "$$am__remaking_logs"; then \ + echo "fatal: making $(TEST_SUITE_LOG): possible infinite" \ + "recursion detected" >&2; \ + elif test -n "$$redo_logs"; then \ + am__remaking_logs=yes $(MAKE) $(AM_MAKEFLAGS) $$redo_logs; \ + fi; \ + if $(am__make_dryrun); then :; else \ + st=0; \ + errmsg="fatal: making $(TEST_SUITE_LOG): failed to create"; \ + for i in $$redo_bases; do \ + test -f $$i.trs && test -r $$i.trs \ + || { echo "$$errmsg $$i.trs" >&2; st=1; }; \ + test -f $$i.log && test -r $$i.log \ + || { echo "$$errmsg $$i.log" >&2; st=1; }; \ + done; \ + test $$st -eq 0 || exit 1; \ + fi + @$(am__sh_e_setup); $(am__tty_colors); $(am__set_TESTS_bases); \ + ws='[ ]'; \ + results=`for b in $$bases; do echo $$b.trs; done`; \ + test -n "$$results" || results=/dev/null; \ + all=` grep "^$$ws*:test-result:" $$results | wc -l`; \ + pass=` grep "^$$ws*:test-result:$$ws*PASS" $$results | wc -l`; \ + fail=` grep "^$$ws*:test-result:$$ws*FAIL" $$results | wc -l`; \ + skip=` grep "^$$ws*:test-result:$$ws*SKIP" $$results | wc -l`; \ + xfail=`grep "^$$ws*:test-result:$$ws*XFAIL" $$results | wc -l`; \ + xpass=`grep "^$$ws*:test-result:$$ws*XPASS" $$results | wc -l`; \ + error=`grep "^$$ws*:test-result:$$ws*ERROR" $$results | wc -l`; \ + if test `expr $$fail + $$xpass + $$error` -eq 0; then \ + success=true; \ + else \ + success=false; \ + fi; \ + br='==================='; br=$$br$$br$$br$$br; \ + result_count () \ + { \ + if test x"$$1" = x"--maybe-color"; then \ + maybe_colorize=yes; \ + elif test x"$$1" = x"--no-color"; then \ + maybe_colorize=no; \ + else \ + echo "$@: invalid 'result_count' usage" >&2; exit 4; \ + fi; \ + shift; \ + desc=$$1 count=$$2; \ + if test $$maybe_colorize = yes && test $$count -gt 0; then \ + color_start=$$3 color_end=$$std; \ + else \ + color_start= color_end=; \ + fi; \ + echo "$${color_start}# $$desc $$count$${color_end}"; \ + }; \ + create_testsuite_report () \ + { \ + result_count $$1 "TOTAL:" $$all "$$brg"; \ + result_count $$1 "PASS: " $$pass "$$grn"; \ + result_count $$1 "SKIP: " $$skip "$$blu"; \ + result_count $$1 "XFAIL:" $$xfail "$$lgn"; \ + result_count $$1 "FAIL: " $$fail "$$red"; \ + result_count $$1 "XPASS:" $$xpass "$$red"; \ + result_count $$1 "ERROR:" $$error "$$mgn"; \ + }; \ + { \ + echo "$(PACKAGE_STRING): $(subdir)/$(TEST_SUITE_LOG)" | \ + $(am__rst_title); \ + create_testsuite_report --no-color; \ + echo; \ + echo ".. contents:: :depth: 2"; \ + echo; \ + for b in $$bases; do echo $$b; done \ + | $(am__create_global_log); \ + } >$(TEST_SUITE_LOG).tmp || exit 1; \ + mv $(TEST_SUITE_LOG).tmp $(TEST_SUITE_LOG); \ + if $$success; then \ + col="$$grn"; \ + else \ + col="$$red"; \ + test x"$$VERBOSE" = x || cat $(TEST_SUITE_LOG); \ + fi; \ + echo "$${col}$$br$${std}"; \ + echo "$${col}Testsuite summary for $(PACKAGE_STRING)$${std}"; \ + echo "$${col}$$br$${std}"; \ + create_testsuite_report --maybe-color; \ + echo "$$col$$br$$std"; \ + if $$success; then :; else \ + echo "$${col}See $(subdir)/$(TEST_SUITE_LOG)$${std}"; \ + if test -n "$(PACKAGE_BUGREPORT)"; then \ + echo "$${col}Please report to $(PACKAGE_BUGREPORT)$${std}"; \ + fi; \ + echo "$$col$$br$$std"; \ + fi; \ + $$success || exit 1 + +check-TESTS: + @list='$(RECHECK_LOGS)'; test -z "$$list" || rm -f $$list + @list='$(RECHECK_LOGS:.log=.trs)'; test -z "$$list" || rm -f $$list + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + trs_list=`for i in $$bases; do echo $$i.trs; done`; \ + log_list=`echo $$log_list`; trs_list=`echo $$trs_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) TEST_LOGS="$$log_list"; \ + exit $$?; +recheck: all + @test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + @set +e; $(am__set_TESTS_bases); \ + bases=`for i in $$bases; do echo $$i; done \ + | $(am__list_recheck_tests)` || exit 1; \ + log_list=`for i in $$bases; do echo $$i.log; done`; \ + log_list=`echo $$log_list`; \ + $(MAKE) $(AM_MAKEFLAGS) $(TEST_SUITE_LOG) \ + am__force_recheck=am--force-recheck \ + TEST_LOGS="$$log_list"; \ + exit $$? +testrunner.log: testrunner$(EXEEXT) + @p='testrunner$(EXEEXT)'; \ + b='testrunner'; \ + $(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +.test.log: + @p='$<'; \ + $(am__set_b); \ + $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ + --log-file $$b.log --trs-file $$b.trs \ + $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ + "$$tst" $(AM_TESTS_FD_REDIRECT) +@am__EXEEXT_TRUE@.test$(EXEEXT).log: +@am__EXEEXT_TRUE@ @p='$<'; \ +@am__EXEEXT_TRUE@ $(am__set_b); \ +@am__EXEEXT_TRUE@ $(am__check_pre) $(TEST_LOG_DRIVER) --test-name "$$f" \ +@am__EXEEXT_TRUE@ --log-file $$b.log --trs-file $$b.trs \ +@am__EXEEXT_TRUE@ $(am__common_driver_flags) $(AM_TEST_LOG_DRIVER_FLAGS) $(TEST_LOG_DRIVER_FLAGS) -- $(TEST_LOG_COMPILE) \ +@am__EXEEXT_TRUE@ "$$tst" $(AM_TESTS_FD_REDIRECT) + +distdir: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) distdir-am + +distdir-am: $(DISTFILES) + $(am__remove_distdir) + test -d "$(distdir)" || mkdir "$(distdir)" + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done + -test -n "$(am__skip_mode_fix)" \ + || find "$(distdir)" -type d ! -perm -755 \ + -exec chmod u+rwx,go+rx {} \; -o \ + ! -type d ! -perm -444 -links 1 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -400 -exec chmod a+r {} \; -o \ + ! -type d ! -perm -444 -exec $(install_sh) -c -m a+r {} {} \; \ + || chmod -R a+r "$(distdir)" +dist-gzip: distdir + tardir=$(distdir) && $(am__tar) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).tar.gz + $(am__post_remove_distdir) +dist-bzip2: distdir + tardir=$(distdir) && $(am__tar) | BZIP2=$${BZIP2--9} bzip2 -c >$(distdir).tar.bz2 + $(am__post_remove_distdir) + +dist-lzip: distdir + tardir=$(distdir) && $(am__tar) | lzip -c $${LZIP_OPT--9} >$(distdir).tar.lz + $(am__post_remove_distdir) + +dist-xz: distdir + tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz + $(am__post_remove_distdir) + +dist-tarZ: distdir + @echo WARNING: "Support for distribution archives compressed with" \ + "legacy program 'compress' is deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + tardir=$(distdir) && $(am__tar) | compress -c >$(distdir).tar.Z + $(am__post_remove_distdir) + +dist-shar: distdir + @echo WARNING: "Support for shar distribution archives is" \ + "deprecated." >&2 + @echo WARNING: "It will be removed altogether in Automake 2.0" >&2 + shar $(distdir) | eval GZIP= gzip $(GZIP_ENV) -c >$(distdir).shar.gz + $(am__post_remove_distdir) + +dist-zip: distdir + -rm -f $(distdir).zip + zip -rq $(distdir).zip $(distdir) + $(am__post_remove_distdir) + +dist dist-all: + $(MAKE) $(AM_MAKEFLAGS) $(DIST_TARGETS) am__post_remove_distdir='@:' + $(am__post_remove_distdir) + +# This target untars the dist file and tries a VPATH configuration. Then +# it guarantees that the distribution is self-contained by making another +# tarfile. +distcheck: dist + case '$(DIST_ARCHIVES)' in \ + *.tar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).tar.gz | $(am__untar) ;;\ + *.tar.bz2*) \ + bzip2 -dc $(distdir).tar.bz2 | $(am__untar) ;;\ + *.tar.lz*) \ + lzip -dc $(distdir).tar.lz | $(am__untar) ;;\ + *.tar.xz*) \ + xz -dc $(distdir).tar.xz | $(am__untar) ;;\ + *.tar.Z*) \ + uncompress -c $(distdir).tar.Z | $(am__untar) ;;\ + *.shar.gz*) \ + eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ + *.zip*) \ + unzip $(distdir).zip ;;\ + esac + chmod -R a-w $(distdir) + chmod u+w $(distdir) + mkdir $(distdir)/_build $(distdir)/_build/sub $(distdir)/_inst + chmod a-w $(distdir) + test -d $(distdir)/_build || exit 0; \ + dc_install_base=`$(am__cd) $(distdir)/_inst && pwd | sed -e 's,^[^:\\/]:[\\/],/,'` \ + && dc_destdir="$${TMPDIR-/tmp}/am-dc-$$$$/" \ + && am__cwd=`pwd` \ + && $(am__cd) $(distdir)/_build/sub \ + && ../../configure \ + $(AM_DISTCHECK_CONFIGURE_FLAGS) \ + $(DISTCHECK_CONFIGURE_FLAGS) \ + --srcdir=../.. --prefix="$$dc_install_base" \ + && $(MAKE) $(AM_MAKEFLAGS) \ + && $(MAKE) $(AM_MAKEFLAGS) dvi \ + && $(MAKE) $(AM_MAKEFLAGS) check \ + && $(MAKE) $(AM_MAKEFLAGS) install \ + && $(MAKE) $(AM_MAKEFLAGS) installcheck \ + && $(MAKE) $(AM_MAKEFLAGS) uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) distuninstallcheck_dir="$$dc_install_base" \ + distuninstallcheck \ + && chmod -R a-w "$$dc_install_base" \ + && ({ \ + (cd ../.. && umask 077 && mkdir "$$dc_destdir") \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" install \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" uninstall \ + && $(MAKE) $(AM_MAKEFLAGS) DESTDIR="$$dc_destdir" \ + distuninstallcheck_dir="$$dc_destdir" distuninstallcheck; \ + } || { rm -rf "$$dc_destdir"; exit 1; }) \ + && rm -rf "$$dc_destdir" \ + && $(MAKE) $(AM_MAKEFLAGS) dist \ + && rm -rf $(DIST_ARCHIVES) \ + && $(MAKE) $(AM_MAKEFLAGS) distcleancheck \ + && cd "$$am__cwd" \ + || exit 1 + $(am__post_remove_distdir) + @(echo "$(distdir) archives ready for distribution: "; \ + list='$(DIST_ARCHIVES)'; for i in $$list; do echo $$i; done) | \ + sed -e 1h -e 1s/./=/g -e 1p -e 1x -e '$$p' -e '$$x' +distuninstallcheck: + @test -n '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: trying to run $@ with an empty' \ + '$$(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + $(am__cd) '$(distuninstallcheck_dir)' || { \ + echo 'ERROR: cannot chdir into $(distuninstallcheck_dir)' >&2; \ + exit 1; \ + }; \ + test `$(am__distuninstallcheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left after uninstall:" ; \ + if test -n "$(DESTDIR)"; then \ + echo " (check DESTDIR support)"; \ + fi ; \ + $(distuninstallcheck_listfiles) ; \ + exit 1; } >&2 +distcleancheck: distclean + @if test '$(srcdir)' = . ; then \ + echo "ERROR: distcleancheck can only run from a VPATH build" ; \ + exit 1 ; \ + fi + @test `$(distcleancheck_listfiles) | wc -l` -eq 0 \ + || { echo "ERROR: files left in build directory after distclean:" ; \ + $(distcleancheck_listfiles) ; \ + exit 1; } >&2 +@UNIT_TESTS_TRUE@check-local: +check-am: all-am + $(MAKE) $(AM_MAKEFLAGS) check-TESTS check-local +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-recursive +all-am: Makefile $(PROGRAMS) $(MANS) $(DATA) config.h +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(systemdsystemunitdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + -test -z "$(TEST_LOGS)" || rm -f $(TEST_LOGS) + -test -z "$(TEST_LOGS:.log=.trs)" || rm -f $(TEST_LOGS:.log=.trs) + -test -z "$(TEST_SUITE_LOG)" || rm -f $(TEST_SUITE_LOG) + +clean-generic: + -test -z "$(CLEANFILES)" || rm -f $(CLEANFILES) + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ext/json11/$(DEPDIR)/$(am__dirstamp) + -rm -f ext/json11/$(am__dirstamp) + -rm -f ext/lmdb-safe/$(DEPDIR)/$(am__dirstamp) + -rm -f ext/lmdb-safe/$(am__dirstamp) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +clean: clean-recursive + +clean-am: clean-binPROGRAMS clean-generic clean-libtool \ + clean-noinstPROGRAMS mostlyclean-am + +distclean: distclean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -f ./$(DEPDIR)/bpf-filter.Po + -rm -f ./$(DEPDIR)/capabilities.Po + -rm -f ./$(DEPDIR)/cdb.Po + -rm -f ./$(DEPDIR)/credentials.Po + -rm -f ./$(DEPDIR)/devpollmplexer.Po + -rm -f ./$(DEPDIR)/dns.Po + -rm -f ./$(DEPDIR)/dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-backend.Po + -rm -f ./$(DEPDIR)/dnsdist-cache.Po + -rm -f ./$(DEPDIR)/dnsdist-carbon.Po + -rm -f ./$(DEPDIR)/dnsdist-console.Po + -rm -f ./$(DEPDIR)/dnsdist-dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-dynblocks.Po + -rm -f ./$(DEPDIR)/dnsdist-dynbpf.Po + -rm -f ./$(DEPDIR)/dnsdist-ecs.Po + -rm -f ./$(DEPDIR)/dnsdist-healthchecks.Po + -rm -f ./$(DEPDIR)/dnsdist-idstate.Po + -rm -f ./$(DEPDIR)/dnsdist-kvs.Po + -rm -f ./$(DEPDIR)/dnsdist-lbpolicies.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-actions.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-dnsquestion.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-kvs.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-packetcache.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-protobuf.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-ffi.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-inspection-ffi.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-inspection.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-rules.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-vars.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-web.Po + -rm -f ./$(DEPDIR)/dnsdist-lua.Po + -rm -f ./$(DEPDIR)/dnsdist-nghttp2.Po + -rm -f ./$(DEPDIR)/dnsdist-protobuf.Po + -rm -f ./$(DEPDIR)/dnsdist-protocols.Po + -rm -f ./$(DEPDIR)/dnsdist-proxy-protocol.Po + -rm -f ./$(DEPDIR)/dnsdist-rings.Po + -rm -f ./$(DEPDIR)/dnsdist-rules.Po + -rm -f ./$(DEPDIR)/dnsdist-secpoll.Po + -rm -f ./$(DEPDIR)/dnsdist-session-cache.Po + -rm -f ./$(DEPDIR)/dnsdist-snmp.Po + -rm -f ./$(DEPDIR)/dnsdist-svc.Po + -rm -f ./$(DEPDIR)/dnsdist-systemd.Po + -rm -f ./$(DEPDIR)/dnsdist-tcp-downstream.Po + -rm -f ./$(DEPDIR)/dnsdist-tcp.Po + -rm -f ./$(DEPDIR)/dnsdist-web.Po + -rm -f ./$(DEPDIR)/dnsdist-xpf.Po + -rm -f ./$(DEPDIR)/dnsdist.Po + -rm -f ./$(DEPDIR)/dnslabeltext.Po + -rm -f ./$(DEPDIR)/dnsname.Po + -rm -f ./$(DEPDIR)/dnsparser.Po + -rm -f ./$(DEPDIR)/dnstap.Po + -rm -f ./$(DEPDIR)/dnswriter.Po + -rm -f ./$(DEPDIR)/doh.Po + -rm -f ./$(DEPDIR)/ednscookies.Po + -rm -f ./$(DEPDIR)/ednsoptions.Po + -rm -f ./$(DEPDIR)/ednssubnet.Po + -rm -f ./$(DEPDIR)/epollmplexer.Po + -rm -f ./$(DEPDIR)/fstrm_logger.Po + -rm -f ./$(DEPDIR)/gettime.Po + -rm -f ./$(DEPDIR)/ipcipher.Po + -rm -f ./$(DEPDIR)/iputils.Po + -rm -f ./$(DEPDIR)/kqueuemplexer.Po + -rm -f ./$(DEPDIR)/libssl.Po + -rm -f ./$(DEPDIR)/misc.Po + -rm -f ./$(DEPDIR)/pollmplexer.Po + -rm -f ./$(DEPDIR)/portsmplexer.Po + -rm -f ./$(DEPDIR)/protozero.Po + -rm -f ./$(DEPDIR)/proxy-protocol.Po + -rm -f ./$(DEPDIR)/qtype.Po + -rm -f ./$(DEPDIR)/remote_logger.Po + -rm -f ./$(DEPDIR)/snmp-agent.Po + -rm -f ./$(DEPDIR)/sodcrypto.Po + -rm -f ./$(DEPDIR)/statnode.Po + -rm -f ./$(DEPDIR)/svc-records.Po + -rm -f ./$(DEPDIR)/tcpiohandler.Po + -rm -f ./$(DEPDIR)/test-base64_cc.Po + -rm -f ./$(DEPDIR)/test-connectionmanagement_hh.Po + -rm -f ./$(DEPDIR)/test-credentials_cc.Po + -rm -f ./$(DEPDIR)/test-delaypipe_hh.Po + -rm -f ./$(DEPDIR)/test-dnscrypt_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdist-connections-cache.Po + -rm -f ./$(DEPDIR)/test-dnsdist_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po + -rm -f ./$(DEPDIR)/test-dnsdistkvs_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistnghttp2_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistpacketcache_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistrings_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistrules_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistsvc_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdisttcp_cc.Po + -rm -f ./$(DEPDIR)/test-dnsparser_cc.Po + -rm -f ./$(DEPDIR)/test-iputils_hh.Po + -rm -f ./$(DEPDIR)/test-luawrapper.Po + -rm -f ./$(DEPDIR)/test-mplexer.Po + -rm -f ./$(DEPDIR)/test-proxy_protocol_cc.Po + -rm -f ./$(DEPDIR)/testrunner.Po + -rm -f ./$(DEPDIR)/threadname.Po + -rm -f ./$(DEPDIR)/uuid-utils.Po + -rm -f ./$(DEPDIR)/xpf.Po + -rm -f ext/json11/$(DEPDIR)/json11.Po + -rm -f ext/lmdb-safe/$(DEPDIR)/lmdb-safe.Po + -rm -f Makefile +distclean-am: clean-am distclean-compile distclean-generic \ + distclean-hdr distclean-libtool distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: install-man install-systemdsystemunitDATA + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: install-binPROGRAMS + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: install-man1 + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f $(am__CONFIG_DISTCLEAN_FILES) + -rm -rf $(top_srcdir)/autom4te.cache + -rm -f ./$(DEPDIR)/bpf-filter.Po + -rm -f ./$(DEPDIR)/capabilities.Po + -rm -f ./$(DEPDIR)/cdb.Po + -rm -f ./$(DEPDIR)/credentials.Po + -rm -f ./$(DEPDIR)/devpollmplexer.Po + -rm -f ./$(DEPDIR)/dns.Po + -rm -f ./$(DEPDIR)/dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-backend.Po + -rm -f ./$(DEPDIR)/dnsdist-cache.Po + -rm -f ./$(DEPDIR)/dnsdist-carbon.Po + -rm -f ./$(DEPDIR)/dnsdist-console.Po + -rm -f ./$(DEPDIR)/dnsdist-dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-dynblocks.Po + -rm -f ./$(DEPDIR)/dnsdist-dynbpf.Po + -rm -f ./$(DEPDIR)/dnsdist-ecs.Po + -rm -f ./$(DEPDIR)/dnsdist-healthchecks.Po + -rm -f ./$(DEPDIR)/dnsdist-idstate.Po + -rm -f ./$(DEPDIR)/dnsdist-kvs.Po + -rm -f ./$(DEPDIR)/dnsdist-lbpolicies.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-actions.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-dnscrypt.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-dnsquestion.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-kvs.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-packetcache.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings-protobuf.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-bindings.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-ffi.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-inspection-ffi.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-inspection.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-rules.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-vars.Po + -rm -f ./$(DEPDIR)/dnsdist-lua-web.Po + -rm -f ./$(DEPDIR)/dnsdist-lua.Po + -rm -f ./$(DEPDIR)/dnsdist-nghttp2.Po + -rm -f ./$(DEPDIR)/dnsdist-protobuf.Po + -rm -f ./$(DEPDIR)/dnsdist-protocols.Po + -rm -f ./$(DEPDIR)/dnsdist-proxy-protocol.Po + -rm -f ./$(DEPDIR)/dnsdist-rings.Po + -rm -f ./$(DEPDIR)/dnsdist-rules.Po + -rm -f ./$(DEPDIR)/dnsdist-secpoll.Po + -rm -f ./$(DEPDIR)/dnsdist-session-cache.Po + -rm -f ./$(DEPDIR)/dnsdist-snmp.Po + -rm -f ./$(DEPDIR)/dnsdist-svc.Po + -rm -f ./$(DEPDIR)/dnsdist-systemd.Po + -rm -f ./$(DEPDIR)/dnsdist-tcp-downstream.Po + -rm -f ./$(DEPDIR)/dnsdist-tcp.Po + -rm -f ./$(DEPDIR)/dnsdist-web.Po + -rm -f ./$(DEPDIR)/dnsdist-xpf.Po + -rm -f ./$(DEPDIR)/dnsdist.Po + -rm -f ./$(DEPDIR)/dnslabeltext.Po + -rm -f ./$(DEPDIR)/dnsname.Po + -rm -f ./$(DEPDIR)/dnsparser.Po + -rm -f ./$(DEPDIR)/dnstap.Po + -rm -f ./$(DEPDIR)/dnswriter.Po + -rm -f ./$(DEPDIR)/doh.Po + -rm -f ./$(DEPDIR)/ednscookies.Po + -rm -f ./$(DEPDIR)/ednsoptions.Po + -rm -f ./$(DEPDIR)/ednssubnet.Po + -rm -f ./$(DEPDIR)/epollmplexer.Po + -rm -f ./$(DEPDIR)/fstrm_logger.Po + -rm -f ./$(DEPDIR)/gettime.Po + -rm -f ./$(DEPDIR)/ipcipher.Po + -rm -f ./$(DEPDIR)/iputils.Po + -rm -f ./$(DEPDIR)/kqueuemplexer.Po + -rm -f ./$(DEPDIR)/libssl.Po + -rm -f ./$(DEPDIR)/misc.Po + -rm -f ./$(DEPDIR)/pollmplexer.Po + -rm -f ./$(DEPDIR)/portsmplexer.Po + -rm -f ./$(DEPDIR)/protozero.Po + -rm -f ./$(DEPDIR)/proxy-protocol.Po + -rm -f ./$(DEPDIR)/qtype.Po + -rm -f ./$(DEPDIR)/remote_logger.Po + -rm -f ./$(DEPDIR)/snmp-agent.Po + -rm -f ./$(DEPDIR)/sodcrypto.Po + -rm -f ./$(DEPDIR)/statnode.Po + -rm -f ./$(DEPDIR)/svc-records.Po + -rm -f ./$(DEPDIR)/tcpiohandler.Po + -rm -f ./$(DEPDIR)/test-base64_cc.Po + -rm -f ./$(DEPDIR)/test-connectionmanagement_hh.Po + -rm -f ./$(DEPDIR)/test-credentials_cc.Po + -rm -f ./$(DEPDIR)/test-delaypipe_hh.Po + -rm -f ./$(DEPDIR)/test-dnscrypt_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdist-connections-cache.Po + -rm -f ./$(DEPDIR)/test-dnsdist_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistdynblocks_hh.Po + -rm -f ./$(DEPDIR)/test-dnsdistkvs_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistlbpolicies_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistnghttp2_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistpacketcache_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistrings_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistrules_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdistsvc_cc.Po + -rm -f ./$(DEPDIR)/test-dnsdisttcp_cc.Po + -rm -f ./$(DEPDIR)/test-dnsparser_cc.Po + -rm -f ./$(DEPDIR)/test-iputils_hh.Po + -rm -f ./$(DEPDIR)/test-luawrapper.Po + -rm -f ./$(DEPDIR)/test-mplexer.Po + -rm -f ./$(DEPDIR)/test-proxy_protocol_cc.Po + -rm -f ./$(DEPDIR)/testrunner.Po + -rm -f ./$(DEPDIR)/threadname.Po + -rm -f ./$(DEPDIR)/uuid-utils.Po + -rm -f ./$(DEPDIR)/xpf.Po + -rm -f ext/json11/$(DEPDIR)/json11.Po + -rm -f ext/lmdb-safe/$(DEPDIR)/lmdb-safe.Po + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-compile mostlyclean-generic \ + mostlyclean-libtool + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-binPROGRAMS uninstall-man \ + uninstall-systemdsystemunitDATA + +uninstall-man: uninstall-man1 + +.MAKE: $(am__recursive_targets) all check check-am install install-am \ + install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am \ + am--depfiles am--refresh check check-TESTS check-am \ + check-local clean clean-binPROGRAMS clean-cscope clean-generic \ + clean-libtool clean-noinstPROGRAMS cscope cscopelist-am ctags \ + ctags-am dist dist-all dist-bzip2 dist-gzip dist-lzip \ + dist-shar dist-tarZ dist-xz dist-zip distcheck distclean \ + distclean-compile distclean-generic distclean-hdr \ + distclean-libtool distclean-tags distcleancheck distdir \ + distuninstallcheck dvi dvi-am html html-am info info-am \ + install install-am install-binPROGRAMS install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-man1 install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + install-systemdsystemunitDATA installcheck installcheck-am \ + installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-compile \ + mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ + recheck tags tags-am uninstall uninstall-am \ + uninstall-binPROGRAMS uninstall-man uninstall-man1 \ + uninstall-systemdsystemunitDATA + +.PRECIOUS: Makefile + + +dnslabeltext.cc: dnslabeltext.rl + $(AM_V_GEN)$(RAGEL) $< -o dnslabeltext.cc + +htmlfiles.h: $(srcdir)/html/* $(srcdir)/incfiles + $(AM_V_GEN)$(srcdir)/incfiles $(srcdir) > $@.tmp + @mv $@.tmp $@ + +dnsdist-lua-ffi-interface.inc: dnsdist-lua-ffi-interface.h + $(AM_V_GEN)echo 'R"FFIContent(' > $@ + @cat $< >> $@ + @echo ')FFIContent"' >> $@ + +html/js/%.min.js: src_js/%.js + uglifyjs $< > $@ + +min_js: $(MIN_JS_FILES) +@UNIT_TESTS_FALSE@check-local: +@UNIT_TESTS_FALSE@ @echo "Unit tests are not enabled" +@UNIT_TESTS_FALSE@ @echo "Run ./configure --enable-unit-tests" + +dnsdist-web.$(OBJEXT): htmlfiles.h +dnsdist-lua-ffi.$(OBJEXT): dnsdist-lua-ffi-interface.inc + +@HAVE_MANPAGES_FALSE@@HAVE_VENV_TRUE@$(MANPAGES): %: docs/manpages/%.rst .venv +@HAVE_MANPAGES_FALSE@@HAVE_VENV_TRUE@ $(AM_V_GEN).venv/bin/python -msphinx -b man docs . $< + +@HAVE_VENV_TRUE@.venv: docs/requirements.txt +@HAVE_VENV_TRUE@ $(PYTHON) -m venv .venv +@HAVE_VENV_TRUE@ .venv/bin/pip install -U pip setuptools setuptools-git wheel +@HAVE_VENV_TRUE@ .venv/bin/pip install -r $< + +@HAVE_VENV_TRUE@latex/dnsdist.pdf: docs/** .venv +@HAVE_VENV_TRUE@ .venv/bin/python -msphinx -M latexpdf docs . + +@HAVE_VENV_TRUE@dnsdist.pdf: latex/dnsdist.pdf +@HAVE_VENV_TRUE@ mv $< $@ + +@HAVE_VENV_TRUE@html-docs.tar.bz2: html-docs +@HAVE_VENV_TRUE@ tar cjf $@ $< + +@HAVE_VENV_TRUE@html-docs: docs/** .venv +@HAVE_VENV_TRUE@ .venv/bin/python -msphinx -b html docs html-docs + +@HAVE_VENV_TRUE@all-docs: html-docs html-docs.tar.bz2 dnsdist.pdf + +@HAVE_VENV_TRUE@upload-docs: all-docs +@HAVE_VENV_TRUE@ rsync -crv --delete --no-p --chmod=g=rwX --exclude '*~' ./html-docs/ web1.powerdns.com:/srv/www/dnsdist.org +@HAVE_VENV_TRUE@ rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./html-docs.tar.bz2 web1.powerdns.com:/srv/www/dnsdist.org +@HAVE_VENV_TRUE@ rsync -crv --no-p --chmod=g=rwX --exclude '*~' ./dnsdist.pdf web1.powerdns.com:/srv/www/dnsdist.org + +@HAVE_VENV_FALSE@$(MANPAGES): +@HAVE_VENV_FALSE@ @echo "You need Python 3 and the 'venv' module to generate the manpages" +@HAVE_VENV_FALSE@ exit 1 + +@HAVE_VENV_FALSE@html-docs: %: docs/manpages/%.rst .venv +@HAVE_VENV_FALSE@ @echo "You need Python 3 and the 'venv' module to generate the HTML docs" +@HAVE_VENV_FALSE@ exit 1 + +@HAVE_VENV_FALSE@dnsdist.pdf: +@HAVE_VENV_FALSE@ @echo "You need Python 3 and the 'venv' module to generate the PDF" +@HAVE_VENV_FALSE@ exit 1 + +@HAVE_SYSTEMD_TRUE@dnsdist.service: dnsdist.service.in +@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)sed -e 's![@]bindir[@]!$(bindir)!' -e 's![@]service_user[@]!$(service_user)!' -e 's![@]service_group[@]!$(service_group)!' < $< > $@ +@HAVE_SYSTEMD_LOCK_PERSONALITY_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^LockPersonality/' $@ +@HAVE_SYSTEMD_PRIVATE_DEVICES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^PrivateDevices/' $@ +@HAVE_SYSTEMD_PRIVATE_TMP_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^PrivateTmp/' $@ +@HAVE_SYSTEMD_PRIVATE_USERS_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^PrivateUsers/' $@ +@HAVE_SYSTEMD_PROTECT_CLOCK_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectClock/' $@ +@HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectControlGroups/' $@ +@HAVE_SYSTEMD_PROTECT_HOME_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectHome/' $@ +@HAVE_SYSTEMD_PROTECT_HOSTNAME_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectHostname/' $@ +@HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelLogs/' $@ +@HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelModules/' $@ +@HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectKernelTunables/' $@ +@HAVE_SYSTEMD_PROTECT_SYSTEM_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^ProtectSystem/' $@ +@HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^RestrictAddressFamilies/' $@ +@HAVE_SYSTEMD_RESTRICT_NAMESPACES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^RestrictNamespaces/' $@ +@HAVE_SYSTEMD_RESTRICT_REALTIME_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^RestrictRealtime/' $@ +@HAVE_SYSTEMD_RESTRICT_SUIDSGID_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^RestrictSUIDSGID/' $@ +@HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallArchitectures/' $@ +@HAVE_SYSTEMD_SYSTEM_CALL_FILTER_FALSE@@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)perl -ni -e 'print unless /^SystemCallFilter/' $@ + +@HAVE_SYSTEMD_TRUE@dnsdist@.service: dnsdist.service +@HAVE_SYSTEMD_TRUE@ $(AM_V_GEN)sed -e 's!/dnsdist !&--config $(sysconfdir)/dnsdist-%i.conf !' \ +@HAVE_SYSTEMD_TRUE@ -e 's!RuntimeDirectory=.*!&-%i!' \ +@HAVE_SYSTEMD_TRUE@ -e 's!SyslogIdentifier=.*!&-%i!' \ +@HAVE_SYSTEMD_TRUE@ < $< >$@ +@HAVE_LUA_HPP_FALSE@lua.hpp: +@HAVE_LUA_HPP_FALSE@ $(AM_V_GEN)echo 'extern "C" {' > $@ +@HAVE_LUA_HPP_FALSE@ @echo '#include "lua.h"' >> $@ +@HAVE_LUA_HPP_FALSE@ @echo '#include "lualib.h"' >> $@ +@HAVE_LUA_HPP_FALSE@ @echo '#include "lauxlib.h"' >> $@ +@HAVE_LUA_HPP_FALSE@ @echo '}' >> $@ + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff --git a/README b/README new file mode 100644 index 0000000..f8e67cb --- /dev/null +++ b/README @@ -0,0 +1,29 @@ +# dnsdist +`dnsdist` is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in +life is to route traffic to the best server, delivering top performance +to legitimate users while shunting or blocking abusive traffic. + +`dnsdist` is dynamic, in the sense that its configuration can be changed at +runtime, and that its statistics can be queried from a console-like +interface. + +All `dnsdist` features are documented at [dnsdist.org](https://dnsdist.org). + +## Compiling from git + +Make sure to `autoreconf -vi` before running `configure`. + +## macOS Notes + +Install dependencies from Homebrew: + +```sh +brew install autoconf automake boost libedit libsodium libtool lua pkg-config protobuf +``` + +Let configure know where to find libedit, and openssl or libressl: + +```sh +./configure 'PKG_CONFIG_PATH=/usr/local/opt/libedit/lib/pkgconfig:/usr/local/opt/libressl/lib/pkgconfig' +make +``` diff --git a/README.md b/README.md new file mode 100644 index 0000000..f8e67cb --- /dev/null +++ b/README.md @@ -0,0 +1,29 @@ +# dnsdist +`dnsdist` is a highly DNS-, DoS- and abuse-aware loadbalancer. Its goal in +life is to route traffic to the best server, delivering top performance +to legitimate users while shunting or blocking abusive traffic. + +`dnsdist` is dynamic, in the sense that its configuration can be changed at +runtime, and that its statistics can be queried from a console-like +interface. + +All `dnsdist` features are documented at [dnsdist.org](https://dnsdist.org). + +## Compiling from git + +Make sure to `autoreconf -vi` before running `configure`. + +## macOS Notes + +Install dependencies from Homebrew: + +```sh +brew install autoconf automake boost libedit libsodium libtool lua pkg-config protobuf +``` + +Let configure know where to find libedit, and openssl or libressl: + +```sh +./configure 'PKG_CONFIG_PATH=/usr/local/opt/libedit/lib/pkgconfig:/usr/local/opt/libressl/lib/pkgconfig' +make +``` diff --git a/aclocal.m4 b/aclocal.m4 new file mode 100644 index 0000000..db0031f --- /dev/null +++ b/aclocal.m4 @@ -0,0 +1,1804 @@ +# generated automatically by aclocal 1.16.1 -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. + +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.69],, +[m4_warning([this file was generated for autoconf 2.69. +You have another version of autoconf. It may work, but is not guaranteed to. +If you have problems, you may need to regenerate the build system entirely. +To do so, use the procedure documented by the package, typically 'autoreconf'.])]) + +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 11 (pkg-config-0.29.1) + +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. +dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.1]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. +AC_DEFUN([PKG_PROG_PKG_CONFIG], +[m4_pattern_forbid([^_?PKG_[A-Z_]+$]) +m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) +m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) +AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) +AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) +AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=m4_default([$1], [0.9.0]) + AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + PKG_CONFIG="" + fi +fi[]dnl +])dnl PKG_PROG_PKG_CONFIG + +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually +AC_DEFUN([PKG_CHECK_EXISTS], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +if test -n "$PKG_CONFIG" && \ + AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then + m4_default([$2], [:]) +m4_ifvaln([$3], [else + $3])dnl +fi]) + +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. +m4_define([_PKG_CONFIG], +[if test -n "$$1"; then + pkg_cv_[]$1="$$1" + elif test -n "$PKG_CONFIG"; then + PKG_CHECK_EXISTS([$3], + [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes ], + [pkg_failed=yes]) + else + pkg_failed=untried +fi[]dnl +])dnl _PKG_CONFIG + +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. +AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi[]dnl +])dnl _PKG_SHORT_ERRORS_SUPPORTED + + +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac +AC_DEFUN([PKG_CHECK_MODULES], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl +AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl + +pkg_failed=no +AC_MSG_CHECKING([for $1]) + +_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) +_PKG_CONFIG([$1][_LIBS], [libs], [$2]) + +m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS +and $1[]_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details.]) + +if test $pkg_failed = yes; then + AC_MSG_RESULT([no]) + _PKG_SHORT_ERRORS_SUPPORTED + if test $_pkg_short_errors_supported = yes; then + $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` + else + $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD + + m4_default([$4], [AC_MSG_ERROR( +[Package requirements ($2) were not met: + +$$1_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +_PKG_TEXT])[]dnl + ]) +elif test $pkg_failed = untried; then + AC_MSG_RESULT([no]) + m4_default([$4], [AC_MSG_FAILURE( +[The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +_PKG_TEXT + +To get pkg-config, see .])[]dnl + ]) +else + $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS + $1[]_LIBS=$pkg_cv_[]$1[]_LIBS + AC_MSG_RESULT([yes]) + $3 +fi[]dnl +])dnl PKG_CHECK_MODULES + + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC + + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. +AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) + +AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR + +dnl PKG_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND], +dnl [DESCRIPTION], [DEFAULT]) +dnl ------------------------------------------ +dnl +dnl Prepare a "--with-" configure option using the lowercase +dnl [VARIABLE-PREFIX] name, merging the behaviour of AC_ARG_WITH and +dnl PKG_CHECK_MODULES in a single macro. +AC_DEFUN([PKG_WITH_MODULES], +[ +m4_pushdef([with_arg], m4_tolower([$1])) + +m4_pushdef([description], + [m4_default([$5], [build with ]with_arg[ support])]) + +m4_pushdef([def_arg], [m4_default([$6], [auto])]) +m4_pushdef([def_action_if_found], [AS_TR_SH([with_]with_arg)=yes]) +m4_pushdef([def_action_if_not_found], [AS_TR_SH([with_]with_arg)=no]) + +m4_case(def_arg, + [yes],[m4_pushdef([with_without], [--without-]with_arg)], + [m4_pushdef([with_without],[--with-]with_arg)]) + +AC_ARG_WITH(with_arg, + AS_HELP_STRING(with_without, description[ @<:@default=]def_arg[@:>@]),, + [AS_TR_SH([with_]with_arg)=def_arg]) + +AS_CASE([$AS_TR_SH([with_]with_arg)], + [yes],[PKG_CHECK_MODULES([$1],[$2],$3,$4)], + [auto],[PKG_CHECK_MODULES([$1],[$2], + [m4_n([def_action_if_found]) $3], + [m4_n([def_action_if_not_found]) $4])]) + +m4_popdef([with_arg]) +m4_popdef([description]) +m4_popdef([def_arg]) + +])dnl PKG_WITH_MODULES + +dnl PKG_HAVE_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [DESCRIPTION], [DEFAULT]) +dnl ----------------------------------------------- +dnl +dnl Convenience macro to trigger AM_CONDITIONAL after PKG_WITH_MODULES +dnl check._[VARIABLE-PREFIX] is exported as make variable. +AC_DEFUN([PKG_HAVE_WITH_MODULES], +[ +PKG_WITH_MODULES([$1],[$2],,,[$3],[$4]) + +AM_CONDITIONAL([HAVE_][$1], + [test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"]) +])dnl PKG_HAVE_WITH_MODULES + +dnl PKG_HAVE_DEFINE_WITH_MODULES(VARIABLE-PREFIX, MODULES, +dnl [DESCRIPTION], [DEFAULT]) +dnl ------------------------------------------------------ +dnl +dnl Convenience macro to run AM_CONDITIONAL and AC_DEFINE after +dnl PKG_WITH_MODULES check. HAVE_[VARIABLE-PREFIX] is exported as make +dnl and preprocessor variable. +AC_DEFUN([PKG_HAVE_DEFINE_WITH_MODULES], +[ +PKG_HAVE_WITH_MODULES([$1],[$2],[$3],[$4]) + +AS_IF([test "$AS_TR_SH([with_]m4_tolower([$1]))" = "yes"], + [AC_DEFINE([HAVE_][$1], 1, [Enable ]m4_tolower([$1])[ support])]) +])dnl PKG_HAVE_DEFINE_WITH_MODULES + +# Copyright (C) 2002-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_AUTOMAKE_VERSION(VERSION) +# ---------------------------- +# Automake X.Y traces this macro to ensure aclocal.m4 has been +# generated from the m4 files accompanying Automake X.Y. +# (This private macro should not be called outside this file.) +AC_DEFUN([AM_AUTOMAKE_VERSION], +[am__api_version='1.16' +dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to +dnl require some minimum version. Point them to the right macro. +m4_if([$1], [1.16.1], [], + [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl +]) + +# _AM_AUTOCONF_VERSION(VERSION) +# ----------------------------- +# aclocal traces this macro to find the Autoconf version. +# This is a private macro too. Using m4_define simplifies +# the logic in aclocal, which can simply ignore this definition. +m4_define([_AM_AUTOCONF_VERSION], []) + +# AM_SET_CURRENT_AUTOMAKE_VERSION +# ------------------------------- +# Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. +# This function is AC_REQUIREd by AM_INIT_AUTOMAKE. +AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], +[AM_AUTOMAKE_VERSION([1.16.1])dnl +m4_ifndef([AC_AUTOCONF_VERSION], + [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl +_AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) + +# AM_AUX_DIR_EXPAND -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets +# $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to +# '$srcdir', '$srcdir/..', or '$srcdir/../..'. +# +# Of course, Automake must honor this variable whenever it calls a +# tool from the auxiliary directory. The problem is that $srcdir (and +# therefore $ac_aux_dir as well) can be either absolute or relative, +# depending on how configure is run. This is pretty annoying, since +# it makes $ac_aux_dir quite unusable in subdirectories: in the top +# source directory, any form will work fine, but in subdirectories a +# relative path needs to be adjusted first. +# +# $ac_aux_dir/missing +# fails when called from a subdirectory if $ac_aux_dir is relative +# $top_srcdir/$ac_aux_dir/missing +# fails if $ac_aux_dir is absolute, +# fails when called from a subdirectory in a VPATH build with +# a relative $ac_aux_dir +# +# The reason of the latter failure is that $top_srcdir and $ac_aux_dir +# are both prefixed by $srcdir. In an in-source build this is usually +# harmless because $srcdir is '.', but things will broke when you +# start a VPATH build or use an absolute $srcdir. +# +# So we could use something similar to $top_srcdir/$ac_aux_dir/missing, +# iff we strip the leading $srcdir from $ac_aux_dir. That would be: +# am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` +# and then we would define $MISSING as +# MISSING="\${SHELL} $am_aux_dir/missing" +# This will work as long as MISSING is not called from configure, because +# unfortunately $(top_srcdir) has no meaning in configure. +# However there are other variables, like CC, which are often used in +# configure, and could therefore not use this "fixed" $ac_aux_dir. +# +# Another solution, used here, is to always expand $ac_aux_dir to an +# absolute PATH. The drawback is that using absolute paths prevent a +# configured tree to be moved without reconfiguration. + +AC_DEFUN([AM_AUX_DIR_EXPAND], +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` +]) + +# AM_COND_IF -*- Autoconf -*- + +# Copyright (C) 2008-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_COND_IF +# _AM_COND_ELSE +# _AM_COND_ENDIF +# -------------- +# These macros are only used for tracing. +m4_define([_AM_COND_IF]) +m4_define([_AM_COND_ELSE]) +m4_define([_AM_COND_ENDIF]) + +# AM_COND_IF(COND, [IF-TRUE], [IF-FALSE]) +# --------------------------------------- +# If the shell condition COND is true, execute IF-TRUE, otherwise execute +# IF-FALSE. Allow automake to learn about conditional instantiating macros +# (the AC_CONFIG_FOOS). +AC_DEFUN([AM_COND_IF], +[m4_ifndef([_AM_COND_VALUE_$1], + [m4_fatal([$0: no such condition "$1"])])dnl +_AM_COND_IF([$1])dnl +if test -z "$$1_TRUE"; then : + m4_n([$2])[]dnl +m4_ifval([$3], +[_AM_COND_ELSE([$1])dnl +else + $3 +])dnl +_AM_COND_ENDIF([$1])dnl +fi[]dnl +]) + +# AM_CONDITIONAL -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_CONDITIONAL(NAME, SHELL-CONDITION) +# ------------------------------------- +# Define a conditional. +AC_DEFUN([AM_CONDITIONAL], +[AC_PREREQ([2.52])dnl + m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], + [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl +AC_SUBST([$1_TRUE])dnl +AC_SUBST([$1_FALSE])dnl +_AM_SUBST_NOTMAKE([$1_TRUE])dnl +_AM_SUBST_NOTMAKE([$1_FALSE])dnl +m4_define([_AM_COND_VALUE_$1], [$2])dnl +if $2; then + $1_TRUE= + $1_FALSE='#' +else + $1_TRUE='#' + $1_FALSE= +fi +AC_CONFIG_COMMANDS_PRE( +[if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then + AC_MSG_ERROR([[conditional "$1" was never defined. +Usually this means the macro was only invoked conditionally.]]) +fi])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be +# written in clear, in which case automake, when reading aclocal.m4, +# will think it sees a *use*, and therefore will trigger all it's +# C support machinery. Also note that it means that autoscan, seeing +# CC etc. in the Makefile, will ask for an AC_PROG_CC use... + + +# _AM_DEPENDENCIES(NAME) +# ---------------------- +# See how the compiler implements dependency checking. +# NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". +# We try a few techniques and use that to set a single cache variable. +# +# We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was +# modified to invoke _AM_DEPENDENCIES(CC); we would have a circular +# dependency, and given that the user is not expected to run this macro, +# just rely on AC_PROG_CC. +AC_DEFUN([_AM_DEPENDENCIES], +[AC_REQUIRE([AM_SET_DEPDIR])dnl +AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl +AC_REQUIRE([AM_MAKE_INCLUDE])dnl +AC_REQUIRE([AM_DEP_TRACK])dnl + +m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], + [$1], [CXX], [depcc="$CXX" am_compiler_list=], + [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], + [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], + [$1], [UPC], [depcc="$UPC" am_compiler_list=], + [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], + [depcc="$$1" am_compiler_list=]) + +AC_CACHE_CHECK([dependency style of $depcc], + [am_cv_$1_dependencies_compiler_type], +[if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_$1_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` + fi + am__universal=false + m4_case([$1], [CC], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac], + [CXX], + [case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac]) + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_$1_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_$1_dependencies_compiler_type=none +fi +]) +AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) +AM_CONDITIONAL([am__fastdep$1], [ + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) +]) + + +# AM_SET_DEPDIR +# ------------- +# Choose a directory name for dependency files. +# This macro is AC_REQUIREd in _AM_DEPENDENCIES. +AC_DEFUN([AM_SET_DEPDIR], +[AC_REQUIRE([AM_SET_LEADING_DOT])dnl +AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl +]) + + +# AM_DEP_TRACK +# ------------ +AC_DEFUN([AM_DEP_TRACK], +[AC_ARG_ENABLE([dependency-tracking], [dnl +AS_HELP_STRING( + [--enable-dependency-tracking], + [do not reject slow dependency extractors]) +AS_HELP_STRING( + [--disable-dependency-tracking], + [speeds up one-time build])]) +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi +AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) +AC_SUBST([AMDEPBACKSLASH])dnl +_AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl +AC_SUBST([am__nodep])dnl +_AM_SUBST_NOTMAKE([am__nodep])dnl +]) + +# Generate code to set up dependency tracking. -*- Autoconf -*- + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_OUTPUT_DEPENDENCY_COMMANDS +# ------------------------------ +AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], +[{ + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + AS_CASE([$CONFIG_FILES], + [*\'*], [eval set x "$CONFIG_FILES"], + [*], [set x $CONFIG_FILES]) + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`AS_DIRNAME(["$am_mf"])` + am_filepart=`AS_BASENAME(["$am_mf"])` + AM_RUN_LOG([cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles]) || am_rc=$? + done + if test $am_rc -ne 0; then + AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking).]) + fi + AS_UNSET([am_dirpart]) + AS_UNSET([am_filepart]) + AS_UNSET([am_mf]) + AS_UNSET([am_rc]) + rm -f conftest-deps.mk +} +])# _AM_OUTPUT_DEPENDENCY_COMMANDS + + +# AM_OUTPUT_DEPENDENCY_COMMANDS +# ----------------------------- +# This macro should only be invoked once -- use via AC_REQUIRE. +# +# This code is only required when automatic dependency tracking is enabled. +# This creates each '.Po' and '.Plo' makefile fragment that we'll need in +# order to bootstrap the dependency handling code. +AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], +[AC_CONFIG_COMMANDS([depfiles], + [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], + [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) + +# Do all the work for Automake. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This macro actually does too much. Some checks are only needed if +# your package does certain things. But this isn't really a big deal. + +dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. +m4_define([AC_PROG_CC], +m4_defn([AC_PROG_CC]) +[_AM_PROG_CC_C_O +]) + +# AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) +# AM_INIT_AUTOMAKE([OPTIONS]) +# ----------------------------------------------- +# The call with PACKAGE and VERSION arguments is the old style +# call (pre autoconf-2.50), which is being phased out. PACKAGE +# and VERSION should now be passed to AC_INIT and removed from +# the call to AM_INIT_AUTOMAKE. +# We support both call styles for the transition. After +# the next Automake release, Autoconf can make the AC_INIT +# arguments mandatory, and then we can depend on a new Autoconf +# release and drop the old call support. +AC_DEFUN([AM_INIT_AUTOMAKE], +[AC_PREREQ([2.65])dnl +dnl Autoconf wants to disallow AM_ names. We explicitly allow +dnl the ones we care about. +m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl +AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl +AC_REQUIRE([AC_PROG_INSTALL])dnl +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi +AC_SUBST([CYGPATH_W]) + +# Define the identity of the package. +dnl Distinguish between old-style and new-style calls. +m4_ifval([$2], +[AC_DIAGNOSE([obsolete], + [$0: two- and three-arguments forms are deprecated.]) +m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl + AC_SUBST([PACKAGE], [$1])dnl + AC_SUBST([VERSION], [$2])], +[_AM_SET_OPTIONS([$1])dnl +dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. +m4_if( + m4_ifdef([AC_PACKAGE_NAME], [ok]):m4_ifdef([AC_PACKAGE_VERSION], [ok]), + [ok:ok],, + [m4_fatal([AC_INIT should be called with package and version arguments])])dnl + AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl + AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl + +_AM_IF_OPTION([no-define],, +[AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) + AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl + +# Some tools Automake needs. +AC_REQUIRE([AM_SANITY_CHECK])dnl +AC_REQUIRE([AC_ARG_PROGRAM])dnl +AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) +AM_MISSING_PROG([AUTOCONF], [autoconf]) +AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) +AM_MISSING_PROG([AUTOHEADER], [autoheader]) +AM_MISSING_PROG([MAKEINFO], [makeinfo]) +AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl +AC_REQUIRE([AC_PROG_MKDIR_P])dnl +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +AC_SUBST([mkdir_p], ['$(MKDIR_P)']) +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +AC_REQUIRE([AC_PROG_AWK])dnl +AC_REQUIRE([AC_PROG_MAKE_SET])dnl +AC_REQUIRE([AM_SET_LEADING_DOT])dnl +_AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], + [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], + [_AM_PROG_TAR([v7])])]) +_AM_IF_OPTION([no-dependencies],, +[AC_PROVIDE_IFELSE([AC_PROG_CC], + [_AM_DEPENDENCIES([CC])], + [m4_define([AC_PROG_CC], + m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_CXX], + [_AM_DEPENDENCIES([CXX])], + [m4_define([AC_PROG_CXX], + m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJC], + [_AM_DEPENDENCIES([OBJC])], + [m4_define([AC_PROG_OBJC], + m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl +AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], + [_AM_DEPENDENCIES([OBJCXX])], + [m4_define([AC_PROG_OBJCXX], + m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl +]) +AC_REQUIRE([AM_SILENT_RULES])dnl +dnl The testsuite driver may need to know about EXEEXT, so add the +dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This +dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. +AC_CONFIG_COMMANDS_PRE(dnl +[m4_provide_if([_AM_COMPILER_EXEEXT], + [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) + fi +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) + +dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not +dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further +dnl mangled by Autoconf and run in a shell conditional statement. +m4_define([_AC_COMPILER_EXEEXT], +m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) + +# When config.status generates a header, we must update the stamp-h file. +# This file resides in the same directory as the config header +# that is generated. The stamp files are numbered to have different names. + +# Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the +# loop where config.status creates the headers, so we can generate +# our stamp files there. +AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], +[# Compute $1's index in $config_headers. +_am_arg=$1 +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_SH +# ------------------ +# Define $install_sh. +AC_DEFUN([AM_PROG_INSTALL_SH], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi +AC_SUBST([install_sh])]) + +# Copyright (C) 2003-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# Check whether the underlying file-system supports filenames +# with a leading dot. For instance MS-DOS doesn't. +AC_DEFUN([AM_SET_LEADING_DOT], +[rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null +AC_SUBST([am__leading_dot])]) + +# Check to see how 'make' treats includes. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MAKE_INCLUDE() +# ----------------- +# Check whether make has an 'include' directive that can support all +# the idioms we need for our automatic dependency tracking code. +AC_DEFUN([AM_MAKE_INCLUDE], +[AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) + AS_CASE([$?:`cat confinc.out 2>/dev/null`], + ['0:this is the am__doit target'], + [AS_CASE([$s], + [BSD], [am__include='.include' am__quote='"'], + [am__include='include' am__quote=''])]) + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +AC_MSG_RESULT([${_am_result}]) +AC_SUBST([am__include])]) +AC_SUBST([am__quote])]) + +# Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- + +# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_MISSING_PROG(NAME, PROGRAM) +# ------------------------------ +AC_DEFUN([AM_MISSING_PROG], +[AC_REQUIRE([AM_MISSING_HAS_RUN]) +$1=${$1-"${am_missing_run}$2"} +AC_SUBST($1)]) + +# AM_MISSING_HAS_RUN +# ------------------ +# Define MISSING if not defined so far and test if it is modern enough. +# If it is, set am_missing_run to use it, otherwise, to nothing. +AC_DEFUN([AM_MISSING_HAS_RUN], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([missing])dnl +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + AC_MSG_WARN(['missing' script is too old or missing]) +fi +]) + +# Helper functions for option handling. -*- Autoconf -*- + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_MANGLE_OPTION(NAME) +# ----------------------- +AC_DEFUN([_AM_MANGLE_OPTION], +[[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) + +# _AM_SET_OPTION(NAME) +# -------------------- +# Set option NAME. Presently that only means defining a flag for this option. +AC_DEFUN([_AM_SET_OPTION], +[m4_define(_AM_MANGLE_OPTION([$1]), [1])]) + +# _AM_SET_OPTIONS(OPTIONS) +# ------------------------ +# OPTIONS is a space-separated list of Automake options. +AC_DEFUN([_AM_SET_OPTIONS], +[m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) + +# _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) +# ------------------------------------------- +# Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. +AC_DEFUN([_AM_IF_OPTION], +[m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_CC_C_O +# --------------- +# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC +# to automatically call this. +AC_DEFUN([_AM_PROG_CC_C_O], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +AC_LANG_PUSH([C])dnl +AC_CACHE_CHECK( + [whether $CC understands -c and -o together], + [am_cv_prog_cc_c_o], + [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i]) +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +AC_LANG_POP([C])]) + +# For backward compatibility. +AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + + +# AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +# --------------------------------------------------------------------------- +# Adds support for distributing Python modules and packages. To +# install modules, copy them to $(pythondir), using the python_PYTHON +# automake variable. To install a package with the same name as the +# automake package, install to $(pkgpythondir), or use the +# pkgpython_PYTHON automake variable. +# +# The variables $(pyexecdir) and $(pkgpyexecdir) are provided as +# locations to install python extension modules (shared libraries). +# Another macro is required to find the appropriate flags to compile +# extension modules. +# +# If your package is configured with a different prefix to python, +# users will have to add the install directory to the PYTHONPATH +# environment variable, or create a .pth file (see the python +# documentation for details). +# +# If the MINIMUM-VERSION argument is passed, AM_PATH_PYTHON will +# cause an error if the version of python installed on the system +# doesn't meet the requirement. MINIMUM-VERSION should consist of +# numbers and dots only. +AC_DEFUN([AM_PATH_PYTHON], + [ + dnl Find a Python interpreter. Python versions prior to 2.0 are not + dnl supported. (2.0 was released on October 16, 2000). + m4_define_default([_AM_PYTHON_INTERPRETER_LIST], +[python python2 python3 dnl + python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 dnl + python3.2 python3.1 python3.0 dnl + python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 dnl + python2.0]) + + AC_ARG_VAR([PYTHON], [the Python interpreter]) + + m4_if([$1],[],[ + dnl No version check is needed. + # Find any Python interpreter. + if test -z "$PYTHON"; then + AC_PATH_PROGS([PYTHON], _AM_PYTHON_INTERPRETER_LIST, :) + fi + am_display_PYTHON=python + ], [ + dnl A version check is needed. + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + AC_MSG_CHECKING([whether $PYTHON version is >= $1]) + AM_PYTHON_CHECK_VERSION([$PYTHON], [$1], + [AC_MSG_RESULT([yes])], + [AC_MSG_RESULT([no]) + AC_MSG_ERROR([Python interpreter is too old])]) + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + AC_CACHE_CHECK([for a Python interpreter with version >= $1], + [am_cv_pathless_PYTHON],[ + for am_cv_pathless_PYTHON in _AM_PYTHON_INTERPRETER_LIST none; do + test "$am_cv_pathless_PYTHON" = none && break + AM_PYTHON_CHECK_VERSION([$am_cv_pathless_PYTHON], [$1], [break]) + done]) + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + AC_PATH_PROG([PYTHON], [$am_cv_pathless_PYTHON]) + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + ]) + + if test "$PYTHON" = :; then + dnl Run any user-specified action, or abort. + m4_default([$3], [AC_MSG_ERROR([no suitable Python interpreter found])]) + else + + dnl Query Python for its version number. Getting [:3] seems to be + dnl the best way to do this; it's what "site.py" does in the standard + dnl library. + + AC_CACHE_CHECK([for $am_display_PYTHON version], [am_cv_python_version], + [am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[[:3]])"`]) + AC_SUBST([PYTHON_VERSION], [$am_cv_python_version]) + + dnl Use the values of $prefix and $exec_prefix for the corresponding + dnl values of PYTHON_PREFIX and PYTHON_EXEC_PREFIX. These are made + dnl distinct variables so they can be overridden if need be. However, + dnl general consensus is that you shouldn't need this ability. + + AC_SUBST([PYTHON_PREFIX], ['${prefix}']) + AC_SUBST([PYTHON_EXEC_PREFIX], ['${exec_prefix}']) + + dnl At times (like when building shared libraries) you may want + dnl to know which OS platform Python thinks this is. + + AC_CACHE_CHECK([for $am_display_PYTHON platform], [am_cv_python_platform], + [am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"`]) + AC_SUBST([PYTHON_PLATFORM], [$am_cv_python_platform]) + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[[:3]] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + dnl Set up 4 directories: + + dnl pythondir -- where to install python scripts. This is the + dnl site-packages directory, not the python standard library + dnl directory like in previous automake betas. This behavior + dnl is more consistent with lispdir.m4 for example. + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON script directory], + [am_cv_python_pythondir], + [if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pythondir], [$am_cv_python_pythondir]) + + dnl pkgpythondir -- $PACKAGE directory under pythondir. Was + dnl PYTHON_SITE_PACKAGE in previous betas, but this naming is + dnl more consistent with the rest of automake. + + AC_SUBST([pkgpythondir], [\${pythondir}/$PACKAGE]) + + dnl pyexecdir -- directory for installing python extension modules + dnl (shared libraries) + dnl Query distutils for this directory. + AC_CACHE_CHECK([for $am_display_PYTHON extension module directory], + [am_cv_python_pyexecdir], + [if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + ]) + AC_SUBST([pyexecdir], [$am_cv_python_pyexecdir]) + + dnl pkgpyexecdir -- $(pyexecdir)/$(PACKAGE) + + AC_SUBST([pkgpyexecdir], [\${pyexecdir}/$PACKAGE]) + + dnl Run any user-specified action. + $2 + fi + +]) + + +# AM_PYTHON_CHECK_VERSION(PROG, VERSION, [ACTION-IF-TRUE], [ACTION-IF-FALSE]) +# --------------------------------------------------------------------------- +# Run ACTION-IF-TRUE if the Python interpreter PROG has version >= VERSION. +# Run ACTION-IF-FALSE otherwise. +# This test uses sys.hexversion instead of the string equivalent (first +# word of sys.version), in order to cope with versions such as 2.2c1. +# This supports Python 2.0 or higher. (2.0 was released on October 16, 2000). +AC_DEFUN([AM_PYTHON_CHECK_VERSION], + [prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '$2'.split('.'))) + [[0, 0, 0]] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[[i]] +sys.exit(sys.hexversion < minverhex)" + AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_RUN_LOG(COMMAND) +# ------------------- +# Run COMMAND, save the exit status in ac_status, and log it. +# (This has been adapted from Autoconf's _AC_RUN_LOG macro.) +AC_DEFUN([AM_RUN_LOG], +[{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD + ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD + (exit $ac_status); }]) + +# Check to make sure that the build environment is sane. -*- Autoconf -*- + +# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SANITY_CHECK +# --------------- +AC_DEFUN([AM_SANITY_CHECK], +[AC_MSG_CHECKING([whether build environment is sane]) +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[[\\\"\#\$\&\'\`$am_lf]]*) + AC_MSG_ERROR([unsafe absolute working directory name]);; +esac +case $srcdir in + *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) + AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$[*]" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$[*]" != "X $srcdir/configure conftest.file" \ + && test "$[*]" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken + alias in your environment]) + fi + if test "$[2]" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$[2]" = conftest.file + ) +then + # Ok. + : +else + AC_MSG_ERROR([newly created file is older than distributed files! +Check your system clock]) +fi +AC_MSG_RESULT([yes]) +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi +AC_CONFIG_COMMANDS_PRE( + [AC_MSG_CHECKING([that generated files are newer than configure]) + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + AC_MSG_RESULT([done])]) +rm -f conftest.file +]) + +# Copyright (C) 2009-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_SILENT_RULES([DEFAULT]) +# -------------------------- +# Enable less verbose build rules; with the default set to DEFAULT +# ("yes" being less verbose, "no" or empty being verbose). +AC_DEFUN([AM_SILENT_RULES], +[AC_ARG_ENABLE([silent-rules], [dnl +AS_HELP_STRING( + [--enable-silent-rules], + [less verbose build output (undo: "make V=1")]) +AS_HELP_STRING( + [--disable-silent-rules], + [verbose build output (undo: "make V=0")])dnl +]) +case $enable_silent_rules in @%:@ ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; +esac +dnl +dnl A few 'make' implementations (e.g., NonStop OS and NextStep) +dnl do not support nested variable expansions. +dnl See automake bug#9928 and bug#10237. +am_make=${MAKE-make} +AC_CACHE_CHECK([whether $am_make supports nested variables], + [am_cv_make_support_nested_variables], + [if AS_ECHO([['TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi]) +if test $am_cv_make_support_nested_variables = yes; then + dnl Using '$V' instead of '$(V)' breaks IRIX make. + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AC_SUBST([AM_V])dnl +AM_SUBST_NOTMAKE([AM_V])dnl +AC_SUBST([AM_DEFAULT_V])dnl +AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl +AC_SUBST([AM_DEFAULT_VERBOSITY])dnl +AM_BACKSLASH='\' +AC_SUBST([AM_BACKSLASH])dnl +_AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl +]) + +# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# AM_PROG_INSTALL_STRIP +# --------------------- +# One issue with vendor 'install' (even GNU) is that you can't +# specify the program used to strip binaries. This is especially +# annoying in cross-compiling environments, where the build's strip +# is unlikely to handle the host's binaries. +# Fortunately install-sh will honor a STRIPPROG variable, so we +# always use install-sh in "make install-strip", and initialize +# STRIPPROG with the value of the STRIP variable (set by the user). +AC_DEFUN([AM_PROG_INSTALL_STRIP], +[AC_REQUIRE([AM_PROG_INSTALL_SH])dnl +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. +if test "$cross_compiling" != no; then + AC_CHECK_TOOL([STRIP], [strip], :) +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" +AC_SUBST([INSTALL_STRIP_PROGRAM])]) + +# Copyright (C) 2006-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_SUBST_NOTMAKE(VARIABLE) +# --------------------------- +# Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. +# This macro is traced by Automake. +AC_DEFUN([_AM_SUBST_NOTMAKE]) + +# AM_SUBST_NOTMAKE(VARIABLE) +# -------------------------- +# Public sister of _AM_SUBST_NOTMAKE. +AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) + +# Check how to create a tarball. -*- Autoconf -*- + +# Copyright (C) 2004-2018 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# _AM_PROG_TAR(FORMAT) +# -------------------- +# Check how to create a tarball in format FORMAT. +# FORMAT should be one of 'v7', 'ustar', or 'pax'. +# +# Substitute a variable $(am__tar) that is a command +# writing to stdout a FORMAT-tarball containing the directory +# $tardir. +# tardir=directory && $(am__tar) > result.tar +# +# Substitute a variable $(am__untar) that extract such +# a tarball read from stdin. +# $(am__untar) < result.tar +# +AC_DEFUN([_AM_PROG_TAR], +[# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AC_SUBST([AMTAR], ['$${TAR-tar}']) + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' + +m4_if([$1], [v7], + [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], + + [m4_case([$1], + [ustar], + [# The POSIX 1988 'ustar' format is defined with fixed-size fields. + # There is notably a 21 bits limit for the UID and the GID. In fact, + # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 + # and bug#13588). + am_max_uid=2097151 # 2^21 - 1 + am_max_gid=$am_max_uid + # The $UID and $GID variables are not portable, so we need to resort + # to the POSIX-mandated id(1) utility. Errors in the 'id' calls + # below are definitely unexpected, so allow the users to see them + # (that is, avoid stderr redirection). + am_uid=`id -u || echo unknown` + am_gid=`id -g || echo unknown` + AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) + if test $am_uid -le $am_max_uid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi + AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) + if test $am_gid -le $am_max_gid; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + _am_tools=none + fi], + + [pax], + [], + + [m4_fatal([Unknown tar format])]) + + AC_MSG_CHECKING([how to create a $1 tar archive]) + + # Go ahead even if we have the value already cached. We do so because we + # need to set the values for the 'am__tar' and 'am__untar' variables. + _am_tools=${am_cv_prog_tar_$1-$_am_tools} + + for _am_tool in $_am_tools; do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; do + AM_RUN_LOG([$_am_tar --version]) && break + done + am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x $1 -w "$$tardir"' + am__tar_='pax -L -x $1 -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H $1 -L' + am__tar_='find "$tardir" -print | cpio -o -H $1 -L' + am__untar='cpio -i -H $1 -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_$1}" && break + + # tar/untar a dummy directory, and stop if the command works. + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) + rm -rf conftest.dir + if test -s conftest.tar; then + AM_RUN_LOG([$am__untar /dev/null 2>&1 && break + fi + done + rm -rf conftest.dir + + AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) + AC_MSG_RESULT([$am_cv_prog_tar_$1])]) + +AC_SUBST([am__tar]) +AC_SUBST([am__untar]) +]) # _AM_PROG_TAR + +m4_include([m4/ac_pthread_set_name.m4]) +m4_include([m4/ax_arg_default_enable_disable.m4]) +m4_include([m4/ax_check_sign.m4]) +m4_include([m4/ax_compile_check_sizeof.m4]) +m4_include([m4/ax_cxx_compile_stdcxx.m4]) +m4_include([m4/ax_cxx_compile_stdcxx_17.m4]) +m4_include([m4/ax_python_module.m4]) +m4_include([m4/boost.m4]) +m4_include([m4/dnsdist_enable_dnscrypt.m4]) +m4_include([m4/dnsdist_enable_doh.m4]) +m4_include([m4/libtool.m4]) +m4_include([m4/ltoptions.m4]) +m4_include([m4/ltsugar.m4]) +m4_include([m4/ltversion.m4]) +m4_include([m4/lt~obsolete.m4]) +m4_include([m4/pdns_check_cdb.m4]) +m4_include([m4/pdns_check_clock_gettime.m4]) +m4_include([m4/pdns_check_dnstap.m4]) +m4_include([m4/pdns_check_libcrypto.m4]) +m4_include([m4/pdns_check_libedit.m4]) +m4_include([m4/pdns_check_libh2o_evloop.m4]) +m4_include([m4/pdns_check_lmdb.m4]) +m4_include([m4/pdns_check_lua_hpp.m4]) +m4_include([m4/pdns_check_network_libs.m4]) +m4_include([m4/pdns_check_os.m4]) +m4_include([m4/pdns_check_pthread_np.m4]) +m4_include([m4/pdns_check_python_venv.m4]) +m4_include([m4/pdns_check_ragel.m4]) +m4_include([m4/pdns_check_secure_memset.m4]) +m4_include([m4/pdns_check_time_t.m4]) +m4_include([m4/pdns_d_fortify_source.m4]) +m4_include([m4/pdns_enable_sanitizers.m4]) +m4_include([m4/pdns_enable_tls.m4]) +m4_include([m4/pdns_enable_unit_tests.m4]) +m4_include([m4/pdns_param_ssp_buffer_size.m4]) +m4_include([m4/pdns_pie.m4]) +m4_include([m4/pdns_relro.m4]) +m4_include([m4/pdns_stack_protector.m4]) +m4_include([m4/pdns_with_ebpf.m4]) +m4_include([m4/pdns_with_gnutls.m4]) +m4_include([m4/pdns_with_libcap.m4]) +m4_include([m4/pdns_with_libsodium.m4]) +m4_include([m4/pdns_with_libssl.m4]) +m4_include([m4/pdns_with_lua.m4]) +m4_include([m4/pdns_with_net_snmp.m4]) +m4_include([m4/pdns_with_nghttp2.m4]) +m4_include([m4/pdns_with_re2.m4]) +m4_include([m4/pdns_with_service_user.m4]) +m4_include([m4/systemd.m4]) +m4_include([m4/warnings.m4]) diff --git a/ascii.hh b/ascii.hh new file mode 100644 index 0000000..09f42de --- /dev/null +++ b/ascii.hh @@ -0,0 +1,41 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +inline bool dns_isspace(char c) +{ + return c==' ' || c=='\t' || c=='\r' || c=='\n'; +} + +inline unsigned char dns_toupper(unsigned char c) +{ + if(c>='a' && c<='z') + c+='A'-'a'; + return c; +} + +inline unsigned char dns_tolower(unsigned char c) +{ + if(c>='A' && c<='Z') + c+='a'-'A'; + return c; +} diff --git a/base64.hh b/base64.hh new file mode 100644 index 0000000..a84181d --- /dev/null +++ b/base64.hh @@ -0,0 +1,26 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include + +template int B64Decode(const std::string& src, Container& dst); +std::string Base64Encode (const std::string& src); diff --git a/bpf-filter.cc b/bpf-filter.cc new file mode 100644 index 0000000..877f5f8 --- /dev/null +++ b/bpf-filter.cc @@ -0,0 +1,757 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "bpf-filter.hh" + +#ifdef HAVE_EBPF + +#include +#include + +#include "ext/libbpf/libbpf.h" + +#include "misc.hh" + +static __u64 ptr_to_u64(void *ptr) +{ + return (__u64) (unsigned long) ptr; +} + +/* these can be static as they are not declared in libbpf.h: */ +static int bpf_pin_map(int fd, const std::string& path) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.bpf_fd = fd; + attr.pathname = ptr_to_u64(const_cast(path.c_str())); + return syscall(SYS_bpf, BPF_OBJ_PIN, &attr, sizeof(attr)); +} + +static int bpf_load_pinned_map(const std::string& path) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.pathname = ptr_to_u64(const_cast(path.c_str())); + return syscall(SYS_bpf, BPF_OBJ_GET, &attr, sizeof(attr)); +} + +static void bpf_check_map_sizes(int fd, uint32_t expectedKeySize, uint32_t expectedValueSize) +{ + struct bpf_map_info info; + uint32_t info_len = sizeof(info); + memset(&info, 0, sizeof(info)); + + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.info.bpf_fd = fd; + attr.info.info_len = info_len; + attr.info.info = ptr_to_u64(&info); + + int err = syscall(SYS_bpf, BPF_OBJ_GET_INFO_BY_FD, &attr, sizeof(attr)); + if (err != 0) { + throw std::runtime_error("Error checking the size of eBPF map: " + stringerror()); + } + if (info_len != sizeof(info)) { + throw std::runtime_error("Error checking the size of eBPF map: invalid info size returned"); + } + if (info.key_size != expectedKeySize) { + throw std::runtime_error("Error checking the size of eBPF map: key size mismatch (" + std::to_string(info.key_size) + " VS " + std::to_string(expectedKeySize) + ")"); + } + if (info.value_size != expectedValueSize) { + throw std::runtime_error("Error checking the size of eBPF map: value size mismatch (" + std::to_string(info.value_size) + " VS " + std::to_string(expectedValueSize) + ")"); + } +} + +int bpf_create_map(enum bpf_map_type map_type, int key_size, int value_size, + int max_entries) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.map_type = map_type; + attr.key_size = key_size; + attr.value_size = value_size; + attr.max_entries = max_entries; + return syscall(SYS_bpf, BPF_MAP_CREATE, &attr, sizeof(attr)); +} + +int bpf_update_elem(int fd, void *key, void *value, unsigned long long flags) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.map_fd = fd; + attr.key = ptr_to_u64(key); + attr.value = ptr_to_u64(value); + attr.flags = flags; + return syscall(SYS_bpf, BPF_MAP_UPDATE_ELEM, &attr, sizeof(attr)); +} + +int bpf_lookup_elem(int fd, void *key, void *value) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.map_fd = fd; + attr.key = ptr_to_u64(key); + attr.value = ptr_to_u64(value); + return syscall(SYS_bpf, BPF_MAP_LOOKUP_ELEM, &attr, sizeof(attr)); +} + +int bpf_delete_elem(int fd, void *key) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.map_fd = fd; + attr.key = ptr_to_u64(key); + return syscall(SYS_bpf, BPF_MAP_DELETE_ELEM, &attr, sizeof(attr)); +} + +int bpf_get_next_key(int fd, void *key, void *next_key) +{ + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.map_fd = fd; + attr.key = ptr_to_u64(key); + attr.next_key = ptr_to_u64(next_key); + return syscall(SYS_bpf, BPF_MAP_GET_NEXT_KEY, &attr, sizeof(attr)); +} + +int bpf_prog_load(enum bpf_prog_type prog_type, + const struct bpf_insn *insns, int prog_len, + const char *license, int kern_version) +{ + char log_buf[65535]; + union bpf_attr attr; + memset(&attr, 0, sizeof(attr)); + attr.prog_type = prog_type; + attr.insns = ptr_to_u64((void *) insns); + attr.insn_cnt = prog_len / sizeof(struct bpf_insn); + attr.license = ptr_to_u64((void *) license); + attr.log_buf = ptr_to_u64(log_buf); + attr.log_size = sizeof(log_buf); + attr.log_level = 1; + /* assign one field outside of struct init to make sure any + * padding is zero initialized + */ + attr.kern_version = kern_version; + + long res = syscall(SYS_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); + if (res == -1) { + if (errno == ENOSPC) { + /* not enough space in the log buffer */ + attr.log_level = 0; + attr.log_size = 0; + attr.log_buf = ptr_to_u64(nullptr); + res = syscall(SYS_bpf, BPF_PROG_LOAD, &attr, sizeof(attr)); + if (res != -1) { + return res; + } + } + throw std::runtime_error("Error loading BPF program: (" + stringerror() + "):\n" + std::string(log_buf)); + } + return res; +} + +struct KeyV6 +{ + uint8_t src[16]; +}; + +struct QNameKey +{ + uint8_t qname[255]; +}; + +struct QNameAndQTypeKey +{ + uint8_t qname[255]; + uint16_t qtype; +}; + +struct QNameValue +{ + uint64_t counter{0}; + uint16_t qtype{0}; +}; + +struct CounterAndActionValue +{ + uint64_t counter{0}; + BPFFilter::MatchAction action{BPFFilter::MatchAction::Pass}; +}; + +BPFFilter::Map::Map(const BPFFilter::MapConfiguration& config, BPFFilter::MapFormat format): d_config(config) +{ + if (d_config.d_type == BPFFilter::MapType::Filters) { + /* special case, this is a map of eBPF programs */ + d_fd = FDWrapper(bpf_create_map(BPF_MAP_TYPE_PROG_ARRAY, sizeof(uint32_t), sizeof(uint32_t), d_config.d_maxItems)); + if (d_fd.getHandle() == -1) { + throw std::runtime_error("Error creating a BPF program map of size " + std::to_string(d_config.d_maxItems) + ": " + stringerror()); + } + } + else { + int keySize = 0; + int valueSize = 0; + if (format == MapFormat::Legacy) { + switch (d_config.d_type) { + case MapType::IPv4: + keySize = sizeof(uint32_t); + valueSize = sizeof(uint64_t); + break; + case MapType::IPv6: + keySize = sizeof(KeyV6); + valueSize = sizeof(uint64_t); + break; + case MapType::QNames: + keySize = sizeof(QNameKey); + valueSize = sizeof(QNameValue); + break; + default: + throw std::runtime_error("Unsupported eBPF map type: " + std::to_string(static_cast(d_config.d_type))); + } + } + else { + switch (d_config.d_type) { + case MapType::IPv4: + keySize = sizeof(uint32_t); + valueSize = sizeof(CounterAndActionValue); + break; + case MapType::IPv6: + keySize = sizeof(KeyV6); + valueSize = sizeof(CounterAndActionValue); + break; + case MapType::QNames: + keySize = sizeof(QNameAndQTypeKey); + valueSize = sizeof(CounterAndActionValue); + break; + default: + throw std::runtime_error("Unsupported eBPF map type: " + std::to_string(static_cast(d_config.d_type))); + } + } + + if (!d_config.d_pinnedPath.empty()) { + /* try to load */ + d_fd = FDWrapper(bpf_load_pinned_map(d_config.d_pinnedPath)); + if (d_fd.getHandle() != -1) { + /* sanity checks: key and value size */ + bpf_check_map_sizes(d_fd.getHandle(), keySize, valueSize); + + if (d_config.d_type == MapType::IPv4) { + uint32_t key = 0; + while (bpf_get_next_key(d_fd.getHandle(), &key, &key) == 0) { + ++d_count; + } + } + else if (d_config.d_type == MapType::IPv6) { + KeyV6 key; + memset(&key, 0, sizeof(key)); + while (bpf_get_next_key(d_fd.getHandle(), &key, &key) == 0) { + ++d_count; + } + } + else if (d_config.d_type == MapType::QNames) { + if (format == MapFormat::Legacy) { + QNameKey key; + memset(&key, 0, sizeof(key)); + while (bpf_get_next_key(d_fd.getHandle(), &key, &key) == 0) { + ++d_count; + } + } + else { + QNameAndQTypeKey key; + memset(&key, 0, sizeof(key)); + while (bpf_get_next_key(d_fd.getHandle(), &key, &key) == 0) { + ++d_count; + } + } + } + } + } + + if (d_fd.getHandle() == -1) { + d_fd = FDWrapper(bpf_create_map(BPF_MAP_TYPE_HASH, keySize, valueSize, static_cast(d_config.d_maxItems))); + if (d_fd.getHandle() == -1) { + throw std::runtime_error("Error creating a BPF map of size " + std::to_string(d_config.d_maxItems) + ": " + stringerror()); + } + + if (!d_config.d_pinnedPath.empty()) { + if (bpf_pin_map(d_fd.getHandle(), d_config.d_pinnedPath) != 0) { + throw std::runtime_error("Unable to pin map to path '" + d_config.d_pinnedPath + "': " + stringerror()); + } + } + } + } +} + +static FDWrapper loadProgram(const struct bpf_insn* filter, size_t filterSize) +{ + auto fd = FDWrapper(bpf_prog_load(BPF_PROG_TYPE_SOCKET_FILTER, + filter, + filterSize, + "GPL", + 0)); + if (fd.getHandle() == -1) { + throw std::runtime_error("error loading BPF filter: " + stringerror()); + } + return fd; +} + + +BPFFilter::BPFFilter(const BPFFilter::MapConfiguration& v4, const BPFFilter::MapConfiguration& v6, const BPFFilter::MapConfiguration& qnames, BPFFilter::MapFormat format, bool external): d_mapFormat(format), d_external(external) +{ + if (d_mapFormat != BPFFilter::MapFormat::Legacy && !d_external) { + throw std::runtime_error("Unsupported eBPF map format, the current internal implemenation only supports the legacy format"); + } + + auto maps = d_maps.lock(); + + maps->d_v4 = BPFFilter::Map(v4, d_mapFormat); + maps->d_v6 = BPFFilter::Map(v6, d_mapFormat); + maps->d_qnames = BPFFilter::Map(qnames, d_mapFormat); + if (!external) { + BPFFilter::MapConfiguration filters; + filters.d_maxItems = 1; + filters.d_type = BPFFilter::MapType::Filters; + maps->d_filters = BPFFilter::Map(filters, d_mapFormat); + + const struct bpf_insn main_filter[] = { +#include "bpf-filter.main.ebpf" + }; + + const struct bpf_insn qname_filter[] = { +#include "bpf-filter.qname.ebpf" + }; + + try { + d_mainfilter = loadProgram(main_filter, + sizeof(main_filter)); + } + catch (const std::exception& e) { + throw std::runtime_error("Error load the main eBPF filter: " + std::string(e.what())); + } + + try { + d_qnamefilter = loadProgram(qname_filter, + sizeof(qname_filter)); + } + catch (const std::exception& e) { + throw std::runtime_error("Error load the qname eBPF filter: " + std::string(e.what())); + } + + uint32_t key = 0; + int qnamefd = d_qnamefilter.getHandle(); + int res = bpf_update_elem(maps->d_filters.d_fd.getHandle(), &key, &qnamefd, BPF_ANY); + if (res != 0) { + throw std::runtime_error("Error updating BPF filters map: " + stringerror()); + } + } +} + +void BPFFilter::addSocket(int sock) +{ + int fd = d_mainfilter.getHandle(); + int res = setsockopt(sock, SOL_SOCKET, SO_ATTACH_BPF, &fd, sizeof(fd)); + + if (res != 0) { + throw std::runtime_error("Error attaching BPF filter to this socket: " + stringerror()); + } +} + +void BPFFilter::removeSocket(int sock) +{ + int fd = d_mainfilter.getHandle(); + int res = setsockopt(sock, SOL_SOCKET, SO_DETACH_BPF, &fd, sizeof(fd)); + + if (res != 0) { + throw std::runtime_error("Error detaching BPF filter from this socket: " + stringerror()); + } +} + +void BPFFilter::block(const ComboAddress& addr, BPFFilter::MatchAction action) +{ + CounterAndActionValue value; + value.counter = 0; + value.action = action; + + int res = 0; + if (addr.isIPv4()) { + uint32_t key = htonl(addr.sin4.sin_addr.s_addr); + auto maps = d_maps.lock(); + auto& map = maps->d_v4; + if (map.d_count >= map.d_config.d_maxItems) { + throw std::runtime_error("Table full when trying to block " + addr.toString()); + } + + res = bpf_lookup_elem(map.d_fd.getHandle(), &key, &value); + if (res != -1) { + throw std::runtime_error("Trying to block an already blocked address: " + addr.toString()); + } + + res = bpf_update_elem(map.d_fd.getHandle(), &key, &value, BPF_NOEXIST); + if (res == 0) { + ++map.d_count; + } + } + else if (addr.isIPv6()) { + uint8_t key[16]; + static_assert(sizeof(addr.sin6.sin6_addr.s6_addr) == sizeof(key), "POSIX mandates s6_addr to be an array of 16 uint8_t"); + for (size_t idx = 0; idx < sizeof(key); idx++) { + key[idx] = addr.sin6.sin6_addr.s6_addr[idx]; + } + + auto maps = d_maps.lock(); + auto& map = maps->d_v6; + if (map.d_count >= map.d_config.d_maxItems) { + throw std::runtime_error("Table full when trying to block " + addr.toString()); + } + + res = bpf_lookup_elem(map.d_fd.getHandle(), &key, &value); + if (res != -1) { + throw std::runtime_error("Trying to block an already blocked address: " + addr.toString()); + } + + res = bpf_update_elem(map.d_fd.getHandle(), key, &value, BPF_NOEXIST); + if (res == 0) { + map.d_count++; + } + } + + if (res != 0) { + throw std::runtime_error("Error adding blocked address " + addr.toString() + ": " + stringerror()); + } +} + +void BPFFilter::unblock(const ComboAddress& addr) +{ + int res = 0; + if (addr.isIPv4()) { + uint32_t key = htonl(addr.sin4.sin_addr.s_addr); + auto maps = d_maps.lock(); + auto& map = maps->d_v4; + res = bpf_delete_elem(map.d_fd.getHandle(), &key); + if (res == 0) { + --map.d_count; + } + } + else if (addr.isIPv6()) { + uint8_t key[16]; + static_assert(sizeof(addr.sin6.sin6_addr.s6_addr) == sizeof(key), "POSIX mandates s6_addr to be an array of 16 uint8_t"); + for (size_t idx = 0; idx < sizeof(key); idx++) { + key[idx] = addr.sin6.sin6_addr.s6_addr[idx]; + } + + auto maps = d_maps.lock(); + auto& map = maps->d_v6; + res = bpf_delete_elem(map.d_fd.getHandle(), key); + if (res == 0) { + --map.d_count; + } + } + + if (res != 0) { + throw std::runtime_error("Error removing blocked address " + addr.toString() + ": " + stringerror()); + } +} + +void BPFFilter::block(const DNSName& qname, BPFFilter::MatchAction action, uint16_t qtype) +{ + CounterAndActionValue cadvalue; + QNameValue qvalue; + void* value = nullptr; + + if (d_external) { + cadvalue.counter = 0; + cadvalue.action = action; + value = &cadvalue; + } + else { + qvalue.counter = 0; + qvalue.qtype = qtype; + value = &qvalue; + } + + QNameAndQTypeKey key; + memset(&key, 0, sizeof(key)); + + std::string keyStr = qname.toDNSStringLC(); + if (keyStr.size() > sizeof(key.qname)) { + throw std::runtime_error("Invalid QName to block " + qname.toLogString()); + } + memcpy(key.qname, keyStr.c_str(), keyStr.size()); + key.qtype = qtype; + + { + auto maps = d_maps.lock(); + auto& map = maps->d_qnames; + if (map.d_count >= map.d_config.d_maxItems) { + throw std::runtime_error("Table full when trying to block " + qname.toLogString()); + } + + int res = bpf_lookup_elem(map.d_fd.getHandle(), &key, value); + if (res != -1) { + throw std::runtime_error("Trying to block an already blocked qname: " + qname.toLogString()); + } + res = bpf_update_elem(map.d_fd.getHandle(), &key, value, BPF_NOEXIST); + if (res == 0) { + ++map.d_count; + } + + if (res != 0) { + throw std::runtime_error("Error adding blocked qname " + qname.toLogString() + ": " + stringerror()); + } + } +} + +void BPFFilter::unblock(const DNSName& qname, uint16_t qtype) +{ + QNameAndQTypeKey key; + memset(&key, 0, sizeof(key)); + std::string keyStr = qname.toDNSStringLC(); + + if (keyStr.size() > sizeof(key.qname)) { + throw std::runtime_error("Invalid QName to block " + qname.toLogString()); + } + memcpy(key.qname, keyStr.c_str(), keyStr.size()); + key.qtype = qtype; + + { + auto maps = d_maps.lock(); + auto& map = maps->d_qnames; + int res = bpf_delete_elem(map.d_fd.getHandle(), &key); + if (res == 0) { + --map.d_count; + } + else { + throw std::runtime_error("Error removing qname address " + qname.toLogString() + ": " + stringerror()); + } + } +} + +std::vector > BPFFilter::getAddrStats() +{ + std::vector > result; + { + auto maps = d_maps.lock(); + result.reserve(maps->d_v4.d_count + maps->d_v6.d_count); + } + + sockaddr_in v4Addr; + memset(&v4Addr, 0, sizeof(v4Addr)); + v4Addr.sin_family = AF_INET; + + uint32_t v4Key = 0; + uint32_t nextV4Key; + CounterAndActionValue value; + + uint8_t v6Key[16]; + uint8_t nextV6Key[16]; + sockaddr_in6 v6Addr; + memset(&v6Addr, 0, sizeof(v6Addr)); + v6Addr.sin6_family = AF_INET6; + + static_assert(sizeof(v6Addr.sin6_addr.s6_addr) == sizeof(v6Key), "POSIX mandates s6_addr to be an array of 16 uint8_t"); + memset(&v6Key, 0, sizeof(v6Key)); + + auto maps = d_maps.lock(); + + { + auto& map = maps->d_v4; + int res = bpf_get_next_key(map.d_fd.getHandle(), &v4Key, &nextV4Key); + + while (res == 0) { + v4Key = nextV4Key; + if (bpf_lookup_elem(map.d_fd.getHandle(), &v4Key, &value) == 0) { + v4Addr.sin_addr.s_addr = ntohl(v4Key); + result.emplace_back(ComboAddress(&v4Addr), value.counter); + } + + res = bpf_get_next_key(map.d_fd.getHandle(), &v4Key, &nextV4Key); + } + } + + { + auto& map = maps->d_v6; + int res = bpf_get_next_key(map.d_fd.getHandle(), &v6Key, &nextV6Key); + + while (res == 0) { + if (bpf_lookup_elem(map.d_fd.getHandle(), &nextV6Key, &value) == 0) { + memcpy(&v6Addr.sin6_addr.s6_addr, &nextV6Key, sizeof(nextV6Key)); + + result.emplace_back(ComboAddress(&v6Addr), value.counter); + } + + res = bpf_get_next_key(map.d_fd.getHandle(), &nextV6Key, &nextV6Key); + } + } + + return result; +} + +std::vector > BPFFilter::getQNameStats() +{ + std::vector > result; + + if (d_mapFormat == MapFormat::Legacy) { + QNameKey key = { { 0 } }; + QNameKey nextKey = { { 0 } }; + QNameValue value; + + auto maps = d_maps.lock(); + auto& map = maps->d_qnames; + result.reserve(map.d_count); + int res = bpf_get_next_key(map.d_fd.getHandle(), &key, &nextKey); + + while (res == 0) { + if (bpf_lookup_elem(map.d_fd.getHandle(), &nextKey, &value) == 0) { + nextKey.qname[sizeof(nextKey.qname) - 1 ] = '\0'; + result.push_back(std::make_tuple(DNSName(reinterpret_cast(nextKey.qname), sizeof(nextKey.qname), 0, false), value.qtype, value.counter)); + } + + res = bpf_get_next_key(map.d_fd.getHandle(), &nextKey, &nextKey); + } + } + else { + QNameAndQTypeKey key; + QNameAndQTypeKey nextKey; + memset(&key, 0, sizeof(key)); + memset(&nextKey, 0, sizeof(nextKey)); + CounterAndActionValue value; + + auto maps = d_maps.lock(); + auto& map = maps->d_qnames; + result.reserve(map.d_count); + int res = bpf_get_next_key(map.d_fd.getHandle(), &key, &nextKey); + + while (res == 0) { + if (bpf_lookup_elem(map.d_fd.getHandle(), &nextKey, &value) == 0) { + nextKey.qname[sizeof(nextKey.qname) - 1 ] = '\0'; + result.push_back(std::make_tuple(DNSName(reinterpret_cast(nextKey.qname), sizeof(nextKey.qname), 0, false), key.qtype, value.counter)); + } + + res = bpf_get_next_key(map.d_fd.getHandle(), &nextKey, &nextKey); + } + } + + return result; +} + +uint64_t BPFFilter::getHits(const ComboAddress& requestor) +{ + CounterAndActionValue counter; + + if (requestor.isIPv4()) { + uint32_t key = htonl(requestor.sin4.sin_addr.s_addr); + + auto maps = d_maps.lock(); + auto& map = maps->d_v4; + int res = bpf_lookup_elem(map.d_fd.getHandle(), &key, &counter); + if (res == 0) { + return counter.counter; + } + } + else if (requestor.isIPv6()) { + uint8_t key[16]; + static_assert(sizeof(requestor.sin6.sin6_addr.s6_addr) == sizeof(key), "POSIX mandates s6_addr to be an array of 16 uint8_t"); + for (size_t idx = 0; idx < sizeof(key); idx++) { + key[idx] = requestor.sin6.sin6_addr.s6_addr[idx]; + } + + auto maps = d_maps.lock(); + auto& map = maps->d_v6; + int res = bpf_lookup_elem(map.d_fd.getHandle(), &key, &counter); + if (res == 0) { + return counter.counter; + } + } + + return 0; +} + +#else + +BPFFilter::BPFFilter(const BPFFilter::MapConfiguration&, const BPFFilter::MapConfiguration&, const BPFFilter::MapConfiguration&, BPFFilter::MapFormat, bool) +{ +} + +void BPFFilter::addSocket(int) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +void BPFFilter::removeSocket(int) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +void BPFFilter::block(const ComboAddress&, BPFFilter::MatchAction) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +void BPFFilter::unblock(const ComboAddress&) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +void BPFFilter::block(const DNSName&, BPFFilter::MatchAction, uint16_t) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +void BPFFilter::unblock(const DNSName&, uint16_t) +{ + throw std::runtime_error("eBPF support not enabled"); +} + +std::vector > BPFFilter::getAddrStats() +{ + std::vector > result; + return result; +} + +std::vector > BPFFilter::getQNameStats() +{ + std::vector > result; + return result; +} + +uint64_t BPFFilter::getHits(const ComboAddress&) +{ + return 0; +} +#endif /* HAVE_EBPF */ + +bool BPFFilter::supportsMatchAction(MatchAction action) const +{ +#ifdef HAVE_EBPF + if (action == BPFFilter::MatchAction::Drop) { + return true; + } + return d_mapFormat == BPFFilter::MapFormat::WithActions; +#endif /* HAVE_EBPF */ + return false; +} + +bool BPFFilter::isExternal() const +{ +#ifdef HAVE_EBPF + return d_external; +#endif /* HAVE_EBPF */ + return false; +} diff --git a/bpf-filter.ebpf.src b/bpf-filter.ebpf.src new file mode 100644 index 0000000..9f58669 --- /dev/null +++ b/bpf-filter.ebpf.src @@ -0,0 +1,503 @@ + +#include +#include +#include +#include +#include +#include +#include + +struct dnsheader { + unsigned id :16; /* query identification number */ +#if BYTE_ORDER == BIG_ENDIAN + /* fields in third byte */ + unsigned qr: 1; /* response flag */ + unsigned opcode: 4; /* purpose of message */ + unsigned aa: 1; /* authoritative answer */ + unsigned tc: 1; /* truncated message */ + unsigned rd: 1; /* recursion desired */ + /* fields in fourth byte */ + unsigned ra: 1; /* recursion available */ + unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ + unsigned ad: 1; /* authentic data from named */ + unsigned cd: 1; /* checking disabled by resolver */ + unsigned rcode :4; /* response code */ +#elif BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN + /* fields in third byte */ + unsigned rd :1; /* recursion desired */ + unsigned tc :1; /* truncated message */ + unsigned aa :1; /* authoritative answer */ + unsigned opcode :4; /* purpose of message */ + unsigned qr :1; /* response flag */ + /* fields in fourth byte */ + unsigned rcode :4; /* response code */ + unsigned cd: 1; /* checking disabled by resolver */ + unsigned ad: 1; /* authentic data from named */ + unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ + unsigned ra :1; /* recursion available */ +#endif + /* remaining bytes */ + unsigned qdcount :16; /* number of question entries */ + unsigned ancount :16; /* number of answer entries */ + unsigned nscount :16; /* number of authority entries */ + unsigned arcount :16; /* number of resource entries */ +}; + +struct QNameKey +{ + uint8_t qname[255]; +}; + +struct KeyV6 +{ + uint8_t src[16]; +}; + +struct QNameValue +{ + u64 counter; + u16 qtype; +}; + +BPF_TABLE("hash", u32, u64, v4filter, 1024); +BPF_TABLE("hash", struct KeyV6, u64, v6filter, 1024); +BPF_TABLE("hash", struct QNameKey, struct QNameValue, qnamefilter, 1024); +BPF_TABLE("prog", int, int, progsarray, 1); + +int bpf_qname_filter(struct __sk_buff *skb) +{ + uint32_t qname_off = skb->cb[0]; + ssize_t labellen = skb->cb[3]; + size_t idx = 2; + struct QNameKey qkey = { 0 }; + u32 val = skb->cb[1]; + if (val) { + qkey.qname[0] = val; + } + val = skb->cb[2]; + if (val) { + qkey.qname[1] = val; + } + uint8_t temp; + +#define FILL_ONE_KEY \ + temp = load_byte(skb, qname_off + idx); \ + labellen--; \ + if (labellen < 0) { \ + labellen = temp; \ + if (labellen == 0) { \ + goto end; \ + } \ + } else if (temp >= 'A' && temp <= 'Z') { \ + temp += ('a' - 'A'); \ + } \ + qkey.qname[idx] = temp; \ + idx++; + + /* 2 - 52 */ + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + /* 52 - 102 */ + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + /* 102 - 152 */ + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + /* 152 - 202 */ + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + /* 202 - 252 */ + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + FILL_ONE_KEY + + /* 252 - 254 */ + FILL_ONE_KEY + FILL_ONE_KEY + + /* the only value that makes sense for + qkey.qname[255] is 0, and it's already + there */ + end: + + { + idx++; + u16 qtype = load_half(skb, (qname_off + idx)); + + struct QNameValue* qvalue = qnamefilter.lookup(&qkey); + if (qvalue && + (qvalue->qtype == 255 || qtype == qvalue->qtype)) { + __sync_fetch_and_add(&qvalue->counter, 1); + return 0; + } + } + + return 2147483647; +} + +int bpf_dns_filter(struct __sk_buff *skb) { + u8 ip_proto; + int proto_off; + /* nh_off will contain a negative offset, used in BPF to get access to + the MAC/network layers, as positive values are used to get access to + the transport layer */ + int nh_off = BPF_LL_OFF + ETH_HLEN; + + if (skb->protocol == ntohs(0x0800)) { + u32 key; + int off = nh_off + offsetof(struct iphdr, saddr); + key = load_word(skb, off); + + u64* counter = v4filter.lookup(&key); + if (counter) { + __sync_fetch_and_add(counter, 1); + return 0; + } + + ip_proto = load_byte(skb, nh_off + offsetof(struct iphdr, protocol)); + proto_off = nh_off + sizeof(struct iphdr); + } + else if (skb->protocol == ntohs(0x86DD)) { + struct KeyV6 key; + int off = nh_off + offsetof(struct ipv6hdr, saddr); + key.src[0] = load_byte(skb, off++); + key.src[1] = load_byte(skb, off++); + key.src[2] = load_byte(skb, off++); + key.src[3] = load_byte(skb, off++); + key.src[4] = load_byte(skb, off++); + key.src[5] = load_byte(skb, off++); + key.src[6] = load_byte(skb, off++); + key.src[7] = load_byte(skb, off++); + key.src[8] = load_byte(skb, off++); + key.src[9] = load_byte(skb, off++); + key.src[10] = load_byte(skb, off++); + key.src[11] = load_byte(skb, off++); + key.src[12] = load_byte(skb, off++); + key.src[13] = load_byte(skb, off++); + key.src[14] = load_byte(skb, off++); + key.src[15] = load_byte(skb, off++); + + u64* counter = v6filter.lookup(&key); + if (counter) { + __sync_fetch_and_add(counter, 1); + return 0; + } + + ip_proto = load_byte(skb, nh_off + offsetof(struct ipv6hdr, nexthdr)); + proto_off = nh_off + sizeof(struct ipv6hdr); + } + else { + /* neither IPv4 not IPv6, well */ + return 2147483647; + } + + /* allow TCP */ + if (ip_proto == IPPROTO_TCP) { + return 2147483647; + } + + struct QNameKey qkey = { 0 }; + /* switch to positive offsets here, as we have seen some issues + when accessing the content of the transport layer with negative offsets + https://github.com/PowerDNS/pdns/issues/9626 */ + int dns_off = sizeof(struct udphdr); + int qname_off = dns_off + sizeof(struct dnsheader); + skb->cb[0] = (uint32_t) qname_off; + u16 qtype; + + uint8_t temp = load_byte(skb, qname_off); + if (temp > 63) { + return 0; + } + + if (temp == 0) { + /* root, nothing else to see */ + qtype = load_half(skb, (qname_off + 1)); + + struct QNameValue* qvalue = qnamefilter.lookup(&qkey); + if (qvalue && + (qvalue->qtype == 255 || qtype == qvalue->qtype)) { + __sync_fetch_and_add(&qvalue->counter, 1); + return 0; + } + return 2147483647; + } + + ssize_t labellen = temp; + skb->cb[1] = temp; + qkey.qname[0] = temp; + + temp = load_byte(skb, qname_off + 1); + labellen--; + if (temp >= 'A' && temp <= 'Z') { + temp += ('a' - 'A'); + } + skb->cb[2] = temp; + skb->cb[3] = labellen; + progsarray.call(skb, 0); + + return 2147483647; +} diff --git a/bpf-filter.hh b/bpf-filter.hh new file mode 100644 index 0000000..a8e2f5c --- /dev/null +++ b/bpf-filter.hh @@ -0,0 +1,124 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include "config.h" + +#include "iputils.hh" +#include "lock.hh" + +class BPFFilter +{ +public: + enum class MapType : uint8_t { + IPv4, + IPv6, + QNames, + Filters + }; + + enum class MapFormat : uint8_t { + Legacy = 0, + WithActions = 1 + }; + + enum class MatchAction : uint8_t { + Pass = 0, + Drop = 1, + Truncate = 2 + }; + + struct MapConfiguration + { + std::string d_pinnedPath; + uint32_t d_maxItems{0}; + MapType d_type; + }; + + + BPFFilter(const BPFFilter::MapConfiguration& v4, const BPFFilter::MapConfiguration& v6, const BPFFilter::MapConfiguration& qnames, BPFFilter::MapFormat format, bool external); + BPFFilter(const BPFFilter&) = delete; + BPFFilter(BPFFilter&&) = delete; + BPFFilter& operator=(const BPFFilter&) = delete; + BPFFilter& operator=(BPFFilter&&) = delete; + + void addSocket(int sock); + void removeSocket(int sock); + void block(const ComboAddress& addr, MatchAction action); + void block(const DNSName& qname, MatchAction action, uint16_t qtype=255); + void unblock(const ComboAddress& addr); + void unblock(const DNSName& qname, uint16_t qtype=255); + + std::vector > getAddrStats(); + std::vector > getQNameStats(); + + uint64_t getHits(const ComboAddress& requestor); + + bool supportsMatchAction(MatchAction action) const; + bool isExternal() const; + +private: +#ifdef HAVE_EBPF + struct Map + { + Map() + { + } + Map(const MapConfiguration&, MapFormat); + MapConfiguration d_config; + uint32_t d_count{0}; + FDWrapper d_fd; + }; + + struct Maps + { + Map d_v4; + Map d_v6; + Map d_qnames; + /* The qname filter program held in d_qnamefilter is + stored in an eBPF map, so we can call it from the + main filter. This is the only entry in that map. */ + Map d_filters; + }; + + LockGuarded d_maps; + + /* main eBPF program */ + FDWrapper d_mainfilter; + /* qname filtering program */ + FDWrapper d_qnamefilter; + + /* whether the maps are in the 'old' format, which we need + to keep to prevent going over the 4k instructions per eBPF + program limit in kernels < 5.2, as well as the complexity limit: + - 32k in Linux 3.18 + - 64k in Linux 4.7 + - 96k in Linux 4.12 + - 128k in Linux 4.14, + - 1M in Linux 5.2 */ + MapFormat d_mapFormat; + + /* whether the filter is internal, using our own eBPF programs, + or external where we only update the maps but the filtering is + done by an external program. */ + bool d_external; +#endif /* HAVE_EBPF */ +}; diff --git a/bpf-filter.main.ebpf b/bpf-filter.main.ebpf new file mode 100644 index 0000000..4b42a2e --- /dev/null +++ b/bpf-filter.main.ebpf @@ -0,0 +1,136 @@ +/* generated from the bpf_dns_filter() function in bpf-filter.ebpf.src */ +BPF_MOV64_REG(BPF_REG_6,BPF_REG_1), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,16), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,ntohs(0x86dd),11), +BPF_JMP_IMM(BPF_JNE,BPF_REG_1,ntohs(0x0800),109), +BPF_LD_ABS(BPF_W,-2097126), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_0,-256), +BPF_LD_MAP_FD(BPF_REG_1,maps->d_v4.d_fd.getHandle()), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), +BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,98), +BPF_LD_ABS(BPF_B,-2097129), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,39), +BPF_LD_ABS(BPF_B,-2097130), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-256), +BPF_LD_ABS(BPF_B,-2097129), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-255), +BPF_LD_ABS(BPF_B,-2097128), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254), +BPF_LD_ABS(BPF_B,-2097127), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253), +BPF_LD_ABS(BPF_B,-2097126), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252), +BPF_LD_ABS(BPF_B,-2097125), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251), +BPF_LD_ABS(BPF_B,-2097124), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250), +BPF_LD_ABS(BPF_B,-2097123), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249), +BPF_LD_ABS(BPF_B,-2097122), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248), +BPF_LD_ABS(BPF_B,-2097121), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247), +BPF_LD_ABS(BPF_B,-2097120), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246), +BPF_LD_ABS(BPF_B,-2097119), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245), +BPF_LD_ABS(BPF_B,-2097118), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244), +BPF_LD_ABS(BPF_B,-2097117), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243), +BPF_LD_ABS(BPF_B,-2097116), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242), +BPF_LD_ABS(BPF_B,-2097115), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241), +BPF_LD_MAP_FD(BPF_REG_1,maps->d_v6.d_fd.getHandle()), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), +BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), +BPF_JMP_IMM(BPF_JNE,BPF_REG_0,0,58), +BPF_LD_ABS(BPF_B,-2097132), +BPF_ALU64_IMM(BPF_AND,BPF_REG_0,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,6,58), +BPF_MOV64_IMM(BPF_REG_1,0), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2), +BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-64), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-72), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-80), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-88), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-96), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-104), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-112), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-120), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-128), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-136), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-144), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-152), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-160), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-168), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-176), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-184), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-192), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-200), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-208), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-216), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-224), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256), +BPF_MOV64_IMM(BPF_REG_1,20), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,48), +BPF_LD_ABS(BPF_B,20), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_JMP_IMM(BPF_JGT,BPF_REG_8,63,17), +BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,18), +BPF_LD_ABS(BPF_H,21), +BPF_MOV64_REG(BPF_REG_6,BPF_REG_0), +BPF_LD_MAP_FD(BPF_REG_1,maps->d_qnames.d_fd.getHandle()), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), +BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7), +BPF_LDX_MEM(BPF_H,BPF_REG_1,BPF_REG_0,8), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,255,2), +BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535), +BPF_JMP_REG(BPF_JNE,BPF_REG_1,BPF_REG_6,3), +BPF_MOV64_IMM(BPF_REG_1,1), +BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), +BPF_MOV64_IMM(BPF_REG_7,0), +BPF_MOV64_REG(BPF_REG_0,BPF_REG_7), +BPF_EXIT_INSN(), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,52), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_8,-256), +BPF_LD_ABS(BPF_B,21), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-65), +BPF_ALU64_IMM(BPF_LSH,BPF_REG_2,32), +BPF_ALU64_IMM(BPF_RSH,BPF_REG_2,32), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,32), +BPF_MOV64_IMM(BPF_REG_3,26), +BPF_JMP_REG(BPF_JGT,BPF_REG_3,BPF_REG_2,1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_8,60), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_STX_MEM(BPF_W,BPF_REG_6,BPF_REG_1,56), +BPF_LD_MAP_FD(BPF_REG_2,maps->d_filters.d_fd.getHandle()), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_6), +BPF_MOV64_IMM(BPF_REG_3,0), +BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_tail_call), +BPF_MOV64_IMM(BPF_REG_7,2147483647), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,-25), diff --git a/bpf-filter.qname.ebpf b/bpf-filter.qname.ebpf new file mode 100644 index 0000000..c7d6094 --- /dev/null +++ b/bpf-filter.qname.ebpf @@ -0,0 +1,4095 @@ +/* generated from the bpf_qname_filter() function in bpf-filter.ebpf.src */ +BPF_MOV64_REG(BPF_REG_6,BPF_REG_1), +BPF_LDX_MEM(BPF_W,BPF_REG_8,BPF_REG_6,60), +BPF_LDX_MEM(BPF_W,BPF_REG_7,BPF_REG_6,48), +BPF_MOV64_IMM(BPF_REG_1,0), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-2), +BPF_STX_MEM(BPF_H,BPF_REG_10,BPF_REG_1,-4), +BPF_STX_MEM(BPF_W,BPF_REG_10,BPF_REG_1,-8), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-16), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-24), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-32), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-40), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-48), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-56), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-64), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-72), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-80), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-88), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-96), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-104), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-112), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-120), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-128), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-136), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-144), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-152), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-160), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-168), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-176), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-184), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-192), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-200), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-208), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-216), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-224), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-232), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-240), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-248), +BPF_STX_MEM(BPF_DW,BPF_REG_10,BPF_REG_1,-256), +BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,52), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,1), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-256), +BPF_LDX_MEM(BPF_W,BPF_REG_1,BPF_REG_6,56), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,1), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_1,-255), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,2), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_2,0,0), +BPF_JMP_IMM(BPF_JNE,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,3), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,4024), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-254), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,3), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,4), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,4008), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-253), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,4), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,5), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3992), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-252), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,5), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,6), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3976), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-251), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,6), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,7), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3960), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-250), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,7), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,8), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3944), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-249), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,8), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,9), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3928), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-248), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,9), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,10), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3912), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-247), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,10), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,11), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3896), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-246), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,11), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,12), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3880), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-245), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,12), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,13), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3864), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-244), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,13), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,14), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3848), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-243), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,14), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,15), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3832), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-242), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,15), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,16), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3816), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-241), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,16), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,17), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3800), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-240), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,17), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,18), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3784), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-239), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,18), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,19), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3768), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-238), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,19), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,20), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3752), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-237), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,20), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,21), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3736), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-236), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,21), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,22), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3720), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-235), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,22), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,23), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3704), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-234), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,23), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,24), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3688), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-233), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,24), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,25), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3672), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-232), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,25), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,26), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3656), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-231), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,26), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,27), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3640), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-230), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,27), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,28), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3624), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-229), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,28), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,29), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3608), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-228), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,29), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,30), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3592), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-227), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,30), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,31), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3576), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-226), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,31), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,32), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3560), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-225), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,32), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,33), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3544), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-224), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,33), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,34), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3528), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-223), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,34), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,35), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3512), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-222), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,35), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,36), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3496), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-221), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,36), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,37), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3480), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-220), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,37), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,38), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3464), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-219), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,38), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,39), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3448), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-218), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,39), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,40), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3432), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-217), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,40), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,41), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3416), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-216), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,41), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,42), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3400), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-215), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,42), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,43), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3384), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-214), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,43), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,44), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3368), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-213), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,44), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,45), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3352), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-212), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,45), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,46), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3336), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-211), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,46), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,47), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3320), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-210), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,47), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,48), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3304), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-209), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,48), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,49), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3288), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-208), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,49), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,50), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3272), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-207), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,50), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,51), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3256), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-206), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,51), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,52), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3240), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-205), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,52), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,53), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3224), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-204), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,53), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,54), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3208), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-203), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,54), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,55), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3192), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-202), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,55), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,56), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3176), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-201), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,56), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,57), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3160), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-200), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,57), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,58), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3144), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-199), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,58), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,59), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3128), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-198), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,59), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,60), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3112), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-197), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,60), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,61), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3096), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-196), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,61), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,62), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3080), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-195), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,62), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,63), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3064), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-194), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,63), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,64), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3048), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-193), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,64), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,65), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3032), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-192), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,65), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,66), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3016), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-191), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,66), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,67), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,3000), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-190), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,67), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,68), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2984), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-189), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,68), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,69), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2968), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-188), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,69), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,70), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2952), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-187), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,70), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,71), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2936), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-186), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,71), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,72), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2920), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-185), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,72), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,73), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2904), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-184), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,73), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,74), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2888), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-183), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,74), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,75), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2872), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-182), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,75), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,76), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2856), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-181), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,76), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,77), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2840), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-180), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,77), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,78), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2824), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-179), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,78), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,79), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2808), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-178), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,79), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,80), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2792), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-177), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,80), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,81), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2776), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-176), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,81), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,82), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2760), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-175), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,82), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,83), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2744), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-174), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,83), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,84), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2728), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-173), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,84), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,85), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2712), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-172), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,85), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,86), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2696), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-171), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,86), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,87), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2680), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-170), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,87), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,88), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2664), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-169), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,88), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,89), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2648), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-168), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,89), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,90), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2632), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-167), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,90), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,91), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2616), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-166), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,91), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,92), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2600), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-165), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,92), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,93), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2584), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-164), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,93), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,94), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2568), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-163), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,94), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,95), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2552), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-162), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,95), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,96), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2536), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-161), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,96), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,97), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2520), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-160), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,97), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,98), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2504), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-159), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,98), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,99), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2488), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-158), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,99), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,100), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2472), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-157), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,100), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,101), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2456), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-156), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,101), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,102), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2440), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-155), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,102), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,103), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2424), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-154), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,103), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,104), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2408), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-153), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,104), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,105), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2392), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-152), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,105), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,106), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2376), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-151), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,106), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,107), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2360), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-150), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,107), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,108), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2344), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-149), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,108), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,109), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2328), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-148), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,109), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,110), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2312), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-147), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,110), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,111), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2296), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-146), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,111), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,112), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2280), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-145), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,112), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,113), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2264), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-144), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,113), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,114), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2248), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-143), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,114), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,115), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2232), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-142), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,115), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,116), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2216), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-141), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,116), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,117), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2200), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-140), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,117), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,118), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2184), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-139), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,118), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,119), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2168), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-138), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,119), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,120), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2152), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-137), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,120), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,121), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2136), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-136), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,121), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,122), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2120), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-135), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,122), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,123), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2104), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-134), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,123), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,124), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2088), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-133), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,124), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,125), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2072), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-132), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,125), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,126), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2056), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-131), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,126), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,127), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2040), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-130), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,127), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,128), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2024), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-129), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,128), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,129), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,2008), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-128), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,129), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,130), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1992), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-127), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,130), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,131), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1976), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-126), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,131), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,132), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1960), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-125), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,132), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,133), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1944), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-124), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,133), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,134), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1928), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-123), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,134), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,135), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1912), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-122), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,135), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,136), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1896), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-121), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,136), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,137), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1880), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-120), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,137), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,138), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1864), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-119), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,138), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,139), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1848), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-118), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,139), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,140), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1832), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-117), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,140), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,141), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1816), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-116), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,141), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,142), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1800), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-115), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,142), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,143), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1784), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-114), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,143), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,144), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1768), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-113), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,144), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,145), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1752), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-112), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,145), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,146), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1736), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-111), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,146), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,147), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1720), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-110), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,147), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,148), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1704), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-109), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,148), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,149), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1688), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-108), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,149), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,150), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1672), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-107), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,150), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,151), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1656), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-106), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,151), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,152), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1640), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-105), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,152), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,153), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1624), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-104), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,153), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,154), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1608), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-103), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,154), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,155), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1592), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-102), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,155), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,156), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1576), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-101), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,156), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,157), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1560), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-100), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,157), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,158), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1544), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-99), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,158), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,159), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1528), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-98), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,159), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,160), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1512), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-97), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,160), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,161), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1496), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-96), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,161), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,162), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1480), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-95), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,162), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,163), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1464), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-94), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,163), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,164), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1448), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-93), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,164), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,165), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1432), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-92), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,165), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,166), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1416), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-91), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,166), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,167), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1400), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-90), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,167), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,168), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1384), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-89), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,168), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,169), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1368), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-88), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,169), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,170), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1352), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-87), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,170), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,171), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1336), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-86), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,171), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,172), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1320), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-85), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,172), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,173), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1304), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-84), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,173), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,174), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1288), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-83), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,174), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,175), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1272), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-82), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,175), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,176), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1256), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-81), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,176), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,177), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1240), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-80), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,177), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,178), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1224), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-79), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,178), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,179), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1208), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-78), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,179), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,180), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1192), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-77), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,180), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,181), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1176), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-76), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,181), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,182), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1160), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-75), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,182), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,183), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1144), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-74), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,183), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,184), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1128), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-73), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,184), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,185), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1112), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-72), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,185), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,186), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1096), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-71), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,186), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,187), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1080), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-70), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,187), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,188), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1064), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-69), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,188), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,189), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1048), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-68), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,189), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,190), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1032), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-67), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,190), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,191), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1016), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-66), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,191), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,192), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,1000), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-65), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,192), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,193), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,984), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-64), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,193), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,194), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,968), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-63), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,194), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,195), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,952), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-62), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,195), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,196), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,936), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-61), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,196), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,197), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,920), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-60), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,197), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,198), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,904), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-59), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,198), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,199), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,888), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-58), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,199), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,200), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,872), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-57), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,200), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,201), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,856), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-56), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,201), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,202), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,840), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-55), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,202), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,203), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,824), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-54), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,203), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,204), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,808), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-53), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,204), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,205), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,792), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-52), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,205), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,206), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,776), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-51), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,206), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,207), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,760), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-50), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,207), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,208), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,744), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-49), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,208), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,209), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,728), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-48), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,209), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,210), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,712), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-47), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,210), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,211), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,696), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-46), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,211), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,212), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,680), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-45), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,212), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,213), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,664), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-44), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,213), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,214), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,648), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-43), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,214), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,215), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,632), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-42), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,215), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,216), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,616), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-41), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,216), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,217), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,600), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-40), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,217), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,218), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,584), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-39), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,218), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,219), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,568), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-38), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,219), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,220), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,552), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-37), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,220), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,221), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,536), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-36), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,221), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,222), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,520), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-35), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,222), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,223), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,504), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-34), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,223), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,224), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,488), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-33), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,224), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,225), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,472), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-32), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,225), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,226), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,456), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-31), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,226), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,227), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,440), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-30), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,227), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,228), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,424), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-29), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,228), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,229), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,408), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-28), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,229), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,230), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,392), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-27), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,230), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,231), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,376), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-26), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,231), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,232), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,360), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-25), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,232), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,233), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,344), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-24), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,233), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,234), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,328), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-23), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,234), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,235), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,312), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-22), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,235), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,236), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,296), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-21), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,236), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,237), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,280), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-20), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,237), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,238), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,264), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-19), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,238), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,239), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,248), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-18), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,239), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,240), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,232), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-17), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,240), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,241), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,216), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-16), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,241), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,242), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,200), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-15), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,242), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,243), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,184), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-14), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,243), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,244), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,168), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-13), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,244), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,245), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,152), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-12), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,245), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,246), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,136), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-11), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,246), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,247), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,120), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-10), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,247), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,248), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,104), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-9), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,248), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,249), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,88), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-8), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,249), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,250), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,72), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-7), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,250), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,251), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,56), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-6), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,251), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,252), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,40), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-5), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,252), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,253), +BPF_MOV64_REG(BPF_REG_8,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_8,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_8,0,24), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,6), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_8,-1), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-4), +BPF_MOV64_REG(BPF_REG_9,BPF_REG_7), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_9,253), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_B,BPF_REG_0,BPF_REG_9,0,0), +BPF_JMP_IMM(BPF_JSGT,BPF_REG_8,0,5), +BPF_MOV64_IMM(BPF_REG_9,254), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_1,0,8), +BPF_JMP_IMM(BPF_JA,BPF_REG_0,0,5), +BPF_MOV64_REG(BPF_REG_1,BPF_REG_0), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_1,-65), +BPF_ALU64_IMM(BPF_AND,BPF_REG_1,255), +BPF_JMP_IMM(BPF_JGT,BPF_REG_1,25,1), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_0,32), +BPF_STX_MEM(BPF_B,BPF_REG_10,BPF_REG_0,-3), +BPF_MOV64_IMM(BPF_REG_9,255), +BPF_ALU64_REG(BPF_ADD,BPF_REG_9,BPF_REG_7), +BPF_RAW_INSN(BPF_LD|BPF_IND|BPF_H,BPF_REG_0,BPF_REG_9,0,0), +BPF_MOV64_REG(BPF_REG_6,BPF_REG_0), +BPF_LD_MAP_FD(BPF_REG_1,maps->d_qnames.d_fd.getHandle()), +BPF_MOV64_REG(BPF_REG_2,BPF_REG_10), +BPF_ALU64_IMM(BPF_ADD,BPF_REG_2,-256), +BPF_RAW_INSN(BPF_JMP|BPF_CALL,0,0,0,BPF_FUNC_map_lookup_elem), +BPF_MOV64_IMM(BPF_REG_1,2147483647), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_0,0,7), +BPF_LDX_MEM(BPF_H,BPF_REG_2,BPF_REG_0,8), +BPF_JMP_IMM(BPF_JEQ,BPF_REG_2,255,2), +BPF_ALU64_IMM(BPF_AND,BPF_REG_6,65535), +BPF_JMP_REG(BPF_JNE,BPF_REG_6,BPF_REG_2,3), +BPF_MOV64_IMM(BPF_REG_1,1), +BPF_RAW_INSN(BPF_STX|BPF_XADD|BPF_DW,BPF_REG_0,BPF_REG_1,0,0), +BPF_MOV64_IMM(BPF_REG_1,0), +BPF_MOV64_REG(BPF_REG_0,BPF_REG_1), +BPF_EXIT_INSN(), diff --git a/builder-support/gen-version b/builder-support/gen-version new file mode 100755 index 0000000..c2a56b4 --- /dev/null +++ b/builder-support/gen-version @@ -0,0 +1,77 @@ +#!/bin/sh +if [ ! -z "${BUILDER_VERSION}" ]; then + printf ${BUILDER_VERSION} + exit 0 +fi + +VERSION="unknown" + +DIRTY="" +git status | grep -q clean || DIRTY='.dirty' + +# Special environment variable to signal that we are building a release, as this +# has consequenses for the version number. +if [ "${IS_RELEASE}" = "YES" ]; then + TAG="$(git describe --tags --exact-match 2> /dev/null | cut -d- -f 2-)" + if [ -n "${TAG}" ]; then + # We're on a tag + echo "${TAG}${DIRTY}" > .version + printf "${TAG}${DIRTY}" + exit 0 + fi + echo 'This is not a tag, either tag this commit or do not set $IS_RELEASE' >&2 + exit 1 +fi + +# +# Generate the version number based on the branch +# +if [ ! -z "$(git rev-parse --abbrev-ref HEAD 2> /dev/null)" ]; then + if [ -n "${BUILDER_MODULES}" ]; then + match=${BUILDER_MODULES} + [ $match = "authoritative" ] && match='auth' + [ $match = "recursor" ] && match='rec' + GIT_VERSION="$(git describe --match=${match}-* --tags | cut -d- -f2-)" + if [ $(echo ${GIT_VERSION} | awk -F"-" '{print NF-1}') = '3' ]; then + # A prerelease happened before + LAST_TAG="$(echo ${GIT_VERSION} | cut -d- -f1-2)" + COMMITS_SINCE_TAG="$(echo ${GIT_VERSION} | cut -d- -f3)" + GIT_HASH="$(echo ${GIT_VERSION} | cut -d- -f4)" + elif [ $(echo ${GIT_VERSION} | awk -F"-" '{print NF-1}') = '1' ]; then + # Exactly on a pre-release + LAST_TAG="$(echo ${GIT_VERSION} | cut -d- -f1-2)" + else + LAST_TAG="$(echo ${GIT_VERSION} | cut -d- -f1)" + COMMITS_SINCE_TAG="$(echo ${GIT_VERSION} | cut -d- -f2)" + GIT_HASH="$(echo ${GIT_VERSION} | cut -d- -f3)" + fi + fi + + if [ -z "${GIT_VERSION}" ]; then + # BUILDER_SUPPORT has more than one product listed, fall back to the 0.0.0 logic + + # We used 0.0.XXXXgHASH for master in the previous incarnation of our build pipeline. + # This now becomes 0.0.XXXX.0.gHASH, as 0.0.0.XXXX.gHASH (which is more correct) + # would break upgrades for those running master + # This _should_ be ok for forever is we stick to X.Y.Z for version numbers + LAST_TAG=0.0 + COMMITS_SINCE_TAG="$(git rev-list --count 12c868770afc20b6cc0da439d881105151d557dd..HEAD 2> /dev/null).0" + [ "${COMMITS_SINCE_TAG}" = ".0" ] && COMMITS_SINCE_TAG=0.0 + GIT_HASH="g$(git rev-parse HEAD | cut -c1-10 2> /dev/null)" + fi + + BRANCH=".$(git rev-parse --abbrev-ref HEAD | perl -p -e 's/[^[:alnum:]]//g;')" + + TAG="$(git describe --tags --exact-match 2> /dev/null | cut -d- -f 2-)" + if [ -n "${TAG}" ]; then # We're exactly on a tag + COMMITS_SINCE_TAG="0" + GIT_HASH="g$(git show --no-patch --format=format:%h HEAD 2>/dev/null)" + if [ -z "$GIT_HASH" ]; then + GIT_HASH="g$(git show --format=format:%h HEAD | head -n1)" + fi + fi + + VERSION="${LAST_TAG}.${COMMITS_SINCE_TAG}${BRANCH}.${GIT_HASH}${DIRTY}" +fi + +printf $VERSION diff --git a/cachecleaner.hh b/cachecleaner.hh new file mode 100644 index 0000000..f3af11a --- /dev/null +++ b/cachecleaner.hh @@ -0,0 +1,262 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include + +#include "dnsname.hh" +#include "lock.hh" + +// this function can clean any cache that has a getTTD() method on its entries, a preRemoval() method and a 'sequence' index as its second index +// the ritual is that the oldest entries are in *front* of the sequence collection, so on a hit, move an item to the end +// on a miss, move it to the beginning +template void pruneCollection(C& container, T& collection, size_t maxCached, size_t scanFraction = 1000) +{ + const time_t now = time(0); + size_t toTrim = 0; + const size_t cacheSize = collection.size(); + + if (cacheSize > maxCached) { + toTrim = cacheSize - maxCached; + } + + auto& sidx = collection.template get(); + + // two modes - if toTrim is 0, just look through 1/scanFraction of all records + // and nuke everything that is expired + // otherwise, scan first 5*toTrim records, and stop once we've nuked enough + const size_t lookAt = toTrim ? 5 * toTrim : cacheSize / scanFraction; + size_t tried = 0, erased = 0; + + for (auto iter = sidx.begin(); iter != sidx.end() && tried < lookAt ; ++tried) { + if (iter->getTTD() < now) { + iter = sidx.erase(iter); + erased++; + } + else { + ++iter; + } + + if (toTrim && erased >= toTrim) { + break; + } + } + + if (erased >= toTrim) { // done + return; + } + + toTrim -= erased; + + // just lob it off from the beginning + auto iter = sidx.begin(); + for (size_t i = 0; i < toTrim && iter != sidx.end(); i++) { + iter = sidx.erase(iter); + } +} + +// note: this expects iterator from first index +template void moveCacheItemToFrontOrBack(T& collection, typename T::iterator& iter, bool front) +{ + typedef typename T::template index::type sequence_t; + sequence_t& sidx=collection.template get(); + typename sequence_t::iterator si=collection.template project(iter); + if(front) + sidx.relocate(sidx.begin(), si); // at the beginning of the delete queue + else + sidx.relocate(sidx.end(), si); // back +} + +template void moveCacheItemToFront(T& collection, typename T::iterator& iter) +{ + moveCacheItemToFrontOrBack(collection, iter, true); +} + +template void moveCacheItemToBack(T& collection, typename T::iterator& iter) +{ + moveCacheItemToFrontOrBack(collection, iter, false); +} + +template uint64_t pruneLockedCollectionsVector(std::vector& maps) +{ + uint64_t totErased = 0; + time_t now = time(nullptr); + + for(auto& mc : maps) { + auto map = mc.d_map.write_lock(); + + uint64_t lookAt = (map->size() + 9) / 10; // Look at 10% of this shard + uint64_t erased = 0; + + auto& sidx = boost::multi_index::get(*map); + for(auto i = sidx.begin(); i != sidx.end() && lookAt > 0; lookAt--) { + if(i->ttd < now) { + i = sidx.erase(i); + erased++; + } else { + ++i; + } + } + totErased += erased; + } + + return totErased; +} + +template uint64_t pruneMutexCollectionsVector(C& container, std::vector& maps, uint64_t maxCached, uint64_t cacheSize) +{ + time_t now = time(nullptr); + uint64_t totErased = 0; + uint64_t toTrim = 0; + uint64_t lookAt = 0; + + // two modes - if toTrim is 0, just look through 10% of the cache and nuke everything that is expired + // otherwise, scan first 5*toTrim records, and stop once we've nuked enough + if (cacheSize > maxCached) { + toTrim = cacheSize - maxCached; + lookAt = 5 * toTrim; + } else { + lookAt = cacheSize / 10; + } + + uint64_t maps_size = maps.size(); + if (maps_size == 0) { + return 0; + } + + for (auto& content : maps) { + auto mc = content.lock(); + mc->invalidate(); + auto& sidx = boost::multi_index::get(mc->d_map); + uint64_t erased = 0, lookedAt = 0; + for (auto i = sidx.begin(); i != sidx.end(); lookedAt++) { + if (i->getTTD() < now) { + container.preRemoval(*mc, *i); + i = sidx.erase(i); + erased++; + --content.d_entriesCount; + } else { + ++i; + } + + if (toTrim && erased >= toTrim / maps_size) + break; + + if (lookedAt > lookAt / maps_size) + break; + } + totErased += erased; + if (toTrim && totErased >= toTrim) + break; + } + + if (totErased >= toTrim) { // done + return totErased; + } + + toTrim -= totErased; + + while (true) { + size_t pershard = toTrim / maps_size + 1; + for (auto& content : maps) { + auto mc = content.lock(); + mc->invalidate(); + auto& sidx = boost::multi_index::get(mc->d_map); + size_t removed = 0; + for (auto i = sidx.begin(); i != sidx.end() && removed < pershard; removed++) { + container.preRemoval(*mc, *i); + i = sidx.erase(i); + --content.d_entriesCount; + totErased++; + toTrim--; + if (toTrim == 0) { + return totErased; + } + } + } + } + // Not reached + return totErased; +} + +template uint64_t purgeLockedCollectionsVector(std::vector& maps) +{ + uint64_t delcount=0; + + for(auto& mc : maps) { + auto map = mc.d_map.write_lock(); + delcount += map->size(); + map->clear(); + } + + return delcount; +} + +template uint64_t purgeLockedCollectionsVector(std::vector& maps, const std::string& match) +{ + uint64_t delcount=0; + std::string prefix(match); + prefix.resize(prefix.size()-1); + DNSName dprefix(prefix); + for(auto& mc : maps) { + auto map = mc.d_map.write_lock(); + auto& idx = boost::multi_index::get(*map); + auto iter = idx.lower_bound(dprefix); + auto start = iter; + + for(; iter != idx.end(); ++iter) { + if(!iter->qname.isPartOf(dprefix)) { + break; + } + delcount++; + } + idx.erase(start, iter); + } + + return delcount; +} + +template uint64_t purgeExactLockedCollection(T& mc, const DNSName& qname) +{ + uint64_t delcount=0; + auto map = mc.d_map.write_lock(); + auto& idx = boost::multi_index::get(*map); + auto range = idx.equal_range(qname); + if(range.first != range.second) { + delcount += distance(range.first, range.second); + idx.erase(range.first, range.second); + } + + return delcount; +} + +template +bool lruReplacingInsert(Index& i, const typename Index::value_type& x) +{ + auto inserted = i.insert(x); + if (!inserted.second) { + moveCacheItemToBack(i, inserted.first); + i.replace(inserted.first, x); + return false; + } + return true; +} diff --git a/capabilities.cc b/capabilities.cc new file mode 100644 index 0000000..534d665 --- /dev/null +++ b/capabilities.cc @@ -0,0 +1,75 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include +#include + +#ifdef HAVE_LIBCAP +#include +#endif + +#include "capabilities.hh" +#include "misc.hh" + +void dropCapabilities(std::set capabilitiesToKeep) +{ +#ifdef HAVE_LIBCAP + cap_t caps = cap_get_proc(); + if (caps != nullptr) { + cap_clear(caps); + + if (!capabilitiesToKeep.empty()) { + std::vector toKeep; + toKeep.reserve(capabilitiesToKeep.size()); + + for (const auto& capToKeep : capabilitiesToKeep) { + cap_value_t value; + int res = cap_from_name(capToKeep.c_str(), &value); + if (res != 0) { + cap_free(caps); + throw std::runtime_error("Unable to convert capability name '" + capToKeep + "': " + stringerror()); + } + toKeep.push_back(value); + } + + if (cap_set_flag(caps, CAP_EFFECTIVE, toKeep.size(), toKeep.data(), CAP_SET) != 0) { + cap_free(caps); + throw std::runtime_error("Unable to set effective flag capabilities: " + stringerror()); + } + + if (cap_set_flag(caps, CAP_PERMITTED, toKeep.size(), toKeep.data(), CAP_SET) != 0) { + cap_free(caps); + throw std::runtime_error("Unable to set permitted flag capabilities: " + stringerror()); + } + } + + if (cap_set_proc(caps) != 0) { + cap_free(caps); + throw std::runtime_error("Unable to drop capabilities: " + stringerror()); + } + + cap_free(caps); + } +#endif /* HAVE_LIBCAP */ +} diff --git a/capabilities.hh b/capabilities.hh new file mode 100644 index 0000000..4d0b0de --- /dev/null +++ b/capabilities.hh @@ -0,0 +1,26 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include + +void dropCapabilities(std::set capabilitiesToKeep = {}); diff --git a/cdb.cc b/cdb.cc new file mode 100644 index 0000000..55ade93 --- /dev/null +++ b/cdb.cc @@ -0,0 +1,227 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include +#include +#include +#include + +#include "cdb.hh" + +CDB::CDB(const string &cdbfile) +{ + d_fd = open(cdbfile.c_str(), O_RDONLY); + if (d_fd < 0) + { + throw std::runtime_error("Failed to open cdb database file '"+cdbfile+"': " + stringerror()); + } + + memset(&d_cdbf,0,sizeof(struct cdb_find)); + int cdbinit = cdb_init(&d_cdb, d_fd); + if (cdbinit < 0) + { + close(d_fd); + d_fd = -1; + throw std::runtime_error("Failed to initialize cdb structure for database '+cdbfile+': '" + std::to_string(cdbinit) + "'"); + } +} + +CDB::~CDB() { + cdb_free(&d_cdb); + close(d_fd); +} + +int CDB::searchKey(const string &key) { + d_searchType = SearchKey; + + // A 'bug' in tinycdb (the lib used for reading the CDB files) means we have to copy the key because the cdb_find struct + // keeps a pointer to it. + d_key = key; + return cdb_findinit(&d_cdbf, &d_cdb, d_key.c_str(), d_key.size()); +} + +bool CDB::searchSuffix(const string &key) { + d_searchType = SearchSuffix; + + //See CDB::searchKey() + d_key = key; + + // We are ok with a search on things, but we do want to know if a record with that key exists......... + bool hasDomain = (cdb_find(&d_cdb, d_key.c_str(), d_key.size()) == 1); + if (hasDomain) { + cdb_seqinit(&d_seqPtr, &d_cdb); + } + + return hasDomain; +} + +void CDB::searchAll() { + d_searchType = SearchAll; + cdb_seqinit(&d_seqPtr, &d_cdb); +} + +bool CDB::moveToNext() { + int hasNext = 0; + if (d_searchType == SearchKey) { + hasNext = cdb_findnext(&d_cdbf); + } else { + hasNext = cdb_seqnext(&d_seqPtr, &d_cdb); + } + return (hasNext > 0); +} + +bool CDB::readNext(pair &value) { + while (moveToNext()) { + unsigned int pos; + unsigned int len; + + pos = cdb_keypos(&d_cdb); + len = cdb_keylen(&d_cdb); + + std::string key; + key.resize(len); + int ret = cdb_read(&d_cdb, &key[0], len, pos); + if (ret < 0) { + throw std::runtime_error("Error while reading key for key '" + key + "' from CDB database: " + std::to_string(ret)); + } + + if (d_searchType == SearchSuffix) { + char *p = strstr(const_cast(key.c_str()), d_key.c_str()); + if (p == nullptr) { + continue; + } + } + + pos = cdb_datapos(&d_cdb); + len = cdb_datalen(&d_cdb); + std::string val; + val.resize(len); + ret = cdb_read(&d_cdb, &val[0], len, pos); + if (ret < 0) { + throw std::runtime_error("Error while reading value for key '" + key + "' from CDB database: " + std::to_string(ret)); + } + + value = {std::move(key), std::move(val)}; + return true; + } + + // We're done searching, so we can clean up d_key + if (d_searchType != SearchAll) { + d_key.clear(); + } + + return false; +} + +vector CDB::findall(string &key) +{ + vector ret; + struct cdb_find cdbf; + + int res = cdb_findinit(&cdbf, &d_cdb, key.c_str(), key.size()); + if (res < 0) { + throw std::runtime_error("Error looking up key '" + key + "' from CDB database: " + std::to_string(res)); + } + + int x=0; + while(cdb_findnext(&cdbf) > 0) { + x++; + unsigned int vpos = cdb_datapos(&d_cdb); + unsigned int vlen = cdb_datalen(&d_cdb); + std::string val; + val.resize(vlen); + res = cdb_read(&d_cdb, &val[0], vlen, vpos); + if (res < 0) { + throw std::runtime_error("Error while reading value for key '" + key + "' from CDB database: " + std::to_string(res)); + } + ret.push_back(std::move(val)); + } + + return ret; +} + +bool CDB::keyExists(const string& key) +{ + int ret = cdb_find(&d_cdb, key.c_str(), key.size()); + if (ret < 0) { + throw std::runtime_error("Error while looking up key '" + key + "' from CDB database: " + std::to_string(ret)); + } + if (ret == 0) { + /* no such key */ + return false; + } + + return true; +} + +bool CDB::findOne(const string& key, string& value) +{ + if (!keyExists(key)) { + return false; + } + + unsigned int vpos = cdb_datapos(&d_cdb); + unsigned int vlen = cdb_datalen(&d_cdb); + value.resize(vlen); + int ret = cdb_read(&d_cdb, &value[0], vlen, vpos); + if (ret < 0) { + throw std::runtime_error("Error while reading value for key '" + key + "' from CDB database: " + std::to_string(ret)); + } + + return true; +} + +CDBWriter::CDBWriter(int fd): d_fd(fd) +{ + cdb_make_start(&d_cdbm, d_fd); +} + +CDBWriter::~CDBWriter() +{ + close(); +} + +void CDBWriter::close() +{ + if (d_fd >= 0) { + cdb_make_finish(&d_cdbm); + ::close(d_fd); + d_fd = -1; + } +} + +bool CDBWriter::addEntry(const std::string& key, const std::string& value) +{ + if (d_fd < 0) { + throw std::runtime_error("Can't add an entry to a closed CDB database"); + } + + int ret = cdb_make_add(&d_cdbm, key.c_str(), key.size(), value.c_str(), value.size()); + if (ret != 0) { + throw std::runtime_error("Error adding key '" + key + "' to CDB database: " + std::to_string(ret)); + } + + return true; +} diff --git a/cdb.hh b/cdb.hh new file mode 100644 index 0000000..c606958 --- /dev/null +++ b/cdb.hh @@ -0,0 +1,70 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include + +#include "misc.hh" + +// This class is responsible for the reading of a CDB file. +// The constructor opens the CDB file, the destructor closes it, so make sure you call that. +class CDB +{ +public: + CDB(const string &cdbfile); + ~CDB(); + + /* Return negative value on error or non-negative value on success. + Values can be retrieved via readNext() */ + int searchKey(const string &key); + bool searchSuffix(const string &key); + void searchAll(); + bool readNext(pair &value); + vector findall(string &key); + bool keyExists(const string& key); + bool findOne(const string& key, string& value); + +private: + bool moveToNext(); + + int d_fd{-1}; + struct cdb d_cdb; + struct cdb_find d_cdbf; + std::string d_key; + unsigned d_seqPtr{0}; + enum SearchType { SearchSuffix, SearchKey, SearchAll } d_searchType{SearchKey}; +}; + +class CDBWriter +{ +public: + /* we own the fd after this call, don't ever touch it */ + CDBWriter(int fd); + ~CDBWriter(); + + bool addEntry(const std::string& key, const std::string& value); + /* finalize the database and close the fd, the only thing you can do now is to call the destructor */ + void close(); + +private: + struct cdb_make d_cdbm; + int d_fd{-1}; +}; diff --git a/circular_buffer.hh b/circular_buffer.hh new file mode 100644 index 0000000..eb1dbb9 --- /dev/null +++ b/circular_buffer.hh @@ -0,0 +1,38 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +// Disable the non-threadsafe debug code in boost::circular_buffer before 1.62 +#define BOOST_CB_DISABLE_DEBUG 1 + +// Make sure it is also disabled when >= 1.62 +#ifndef BOOST_CB_ENABLE_DEBUG +#define BOOST_CB_ENABLE_DEBUG 0 +#endif + +#if BOOST_CB_ENABLE_DEBUG +// https://github.com/boostorg/circular_buffer/pull/9 +// https://svn.boost.org/trac10/ticket/6277 +#error Building with BOOST_CB_ENABLE_DEBUG prevents accessing a boost::circular_buffer from more than one thread at once +#endif /* BOOST_CB_ENABLE_DEBUG */ + +#include diff --git a/compile b/compile new file mode 100755 index 0000000..99e5052 --- /dev/null +++ b/compile @@ -0,0 +1,348 @@ +#! /bin/sh +# Wrapper for compilers which do not understand '-c -o'. + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Written by Tom Tromey . +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# This file is maintained in Automake, please report +# bugs to or send patches to +# . + +nl=' +' + +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent tools from complaining about whitespace usage. +IFS=" "" $nl" + +file_conv= + +# func_file_conv build_file lazy +# Convert a $build file to $host form and store it in $file +# Currently only supports Windows hosts. If the determined conversion +# type is listed in (the comma separated) LAZY, no conversion will +# take place. +func_file_conv () +{ + file=$1 + case $file in + / | /[!/]*) # absolute file, and not a UNC file + if test -z "$file_conv"; then + # lazily determine how to convert abs files + case `uname -s` in + MINGW*) + file_conv=mingw + ;; + CYGWIN*) + file_conv=cygwin + ;; + *) + file_conv=wine + ;; + esac + fi + case $file_conv/,$2, in + *,$file_conv,*) + ;; + mingw/*) + file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` + ;; + cygwin/*) + file=`cygpath -m "$file" || echo "$file"` + ;; + wine/*) + file=`winepath -w "$file" || echo "$file"` + ;; + esac + ;; + esac +} + +# func_cl_dashL linkdir +# Make cl look for libraries in LINKDIR +func_cl_dashL () +{ + func_file_conv "$1" + if test -z "$lib_path"; then + lib_path=$file + else + lib_path="$lib_path;$file" + fi + linker_opts="$linker_opts -LIBPATH:$file" +} + +# func_cl_dashl library +# Do a library search-path lookup for cl +func_cl_dashl () +{ + lib=$1 + found=no + save_IFS=$IFS + IFS=';' + for dir in $lib_path $LIB + do + IFS=$save_IFS + if $shared && test -f "$dir/$lib.dll.lib"; then + found=yes + lib=$dir/$lib.dll.lib + break + fi + if test -f "$dir/$lib.lib"; then + found=yes + lib=$dir/$lib.lib + break + fi + if test -f "$dir/lib$lib.a"; then + found=yes + lib=$dir/lib$lib.a + break + fi + done + IFS=$save_IFS + + if test "$found" != yes; then + lib=$lib.lib + fi +} + +# func_cl_wrapper cl arg... +# Adjust compile command to suit cl +func_cl_wrapper () +{ + # Assume a capable shell + lib_path= + shared=: + linker_opts= + for arg + do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + eat=1 + case $2 in + *.o | *.[oO][bB][jJ]) + func_file_conv "$2" + set x "$@" -Fo"$file" + shift + ;; + *) + func_file_conv "$2" + set x "$@" -Fe"$file" + shift + ;; + esac + ;; + -I) + eat=1 + func_file_conv "$2" mingw + set x "$@" -I"$file" + shift + ;; + -I*) + func_file_conv "${1#-I}" mingw + set x "$@" -I"$file" + shift + ;; + -l) + eat=1 + func_cl_dashl "$2" + set x "$@" "$lib" + shift + ;; + -l*) + func_cl_dashl "${1#-l}" + set x "$@" "$lib" + shift + ;; + -L) + eat=1 + func_cl_dashL "$2" + ;; + -L*) + func_cl_dashL "${1#-L}" + ;; + -static) + shared=false + ;; + -Wl,*) + arg=${1#-Wl,} + save_ifs="$IFS"; IFS=',' + for flag in $arg; do + IFS="$save_ifs" + linker_opts="$linker_opts $flag" + done + IFS="$save_ifs" + ;; + -Xlinker) + eat=1 + linker_opts="$linker_opts $2" + ;; + -*) + set x "$@" "$1" + shift + ;; + *.cc | *.CC | *.cxx | *.CXX | *.[cC]++) + func_file_conv "$1" + set x "$@" -Tp"$file" + shift + ;; + *.c | *.cpp | *.CPP | *.lib | *.LIB | *.Lib | *.OBJ | *.obj | *.[oO]) + func_file_conv "$1" mingw + set x "$@" "$file" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift + done + if test -n "$linker_opts"; then + linker_opts="-link$linker_opts" + fi + exec "$@" $linker_opts + exit 1 +} + +eat= + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: compile [--help] [--version] PROGRAM [ARGS] + +Wrapper for compilers which do not understand '-c -o'. +Remove '-o dest.o' from ARGS, run PROGRAM with the remaining +arguments, and rename the output as expected. + +If you are trying to build a whole package this is not the +right script to run: please start by reading the file 'INSTALL'. + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "compile $scriptversion" + exit $? + ;; + cl | *[/\\]cl | cl.exe | *[/\\]cl.exe | \ + icl | *[/\\]icl | icl.exe | *[/\\]icl.exe ) + func_cl_wrapper "$@" # Doesn't return... + ;; +esac + +ofile= +cfile= + +for arg +do + if test -n "$eat"; then + eat= + else + case $1 in + -o) + # configure might choose to run compile as 'compile cc -o foo foo.c'. + # So we strip '-o arg' only if arg is an object. + eat=1 + case $2 in + *.o | *.obj) + ofile=$2 + ;; + *) + set x "$@" -o "$2" + shift + ;; + esac + ;; + *.c) + cfile=$1 + set x "$@" "$1" + shift + ;; + *) + set x "$@" "$1" + shift + ;; + esac + fi + shift +done + +if test -z "$ofile" || test -z "$cfile"; then + # If no '-o' option was seen then we might have been invoked from a + # pattern rule where we don't need one. That is ok -- this is a + # normal compilation that the losing compiler can handle. If no + # '.c' file was seen then we are probably linking. That is also + # ok. + exec "$@" +fi + +# Name of file we expect compiler to create. +cofile=`echo "$cfile" | sed 's|^.*[\\/]||; s|^[a-zA-Z]:||; s/\.c$/.o/'` + +# Create the lock directory. +# Note: use '[/\\:.-]' here to ensure that we don't use the same name +# that we are using for the .o file. Also, base the name on the expected +# object file name, since that is what matters with a parallel build. +lockdir=`echo "$cofile" | sed -e 's|[/\\:.-]|_|g'`.d +while true; do + if mkdir "$lockdir" >/dev/null 2>&1; then + break + fi + sleep 1 +done +# FIXME: race condition here if user kills between mkdir and trap. +trap "rmdir '$lockdir'; exit 1" 1 2 15 + +# Run the compile. +"$@" +ret=$? + +if test -f "$cofile"; then + test "$cofile" = "$ofile" || mv "$cofile" "$ofile" +elif test -f "${cofile}bj"; then + test "${cofile}bj" = "$ofile" || mv "${cofile}bj" "$ofile" +fi + +rmdir "$lockdir" +exit $ret + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/config.guess b/config.guess new file mode 100755 index 0000000..256083a --- /dev/null +++ b/config.guess @@ -0,0 +1,1476 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright 1992-2018 Free Software Foundation, Inc. + +timestamp='2018-03-08' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). +# +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. +# +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess +# +# Please send patches to . + + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright 1992-2018 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + +trap 'exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. Note that the use of a +# compiler to aid in system detection is discouraged as it requires +# temporary files to be created and, as you can see below, it is a +# headache to deal with in a portable fashion. + +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +# Portable tmp directory creation inspired by the Autoconf team. + +set_cc_for_build=' +trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ; +trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ; +: ${TMPDIR=/tmp} ; + { tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } || + { test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } || + { tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } || + { echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ; +dummy=$tmp/dummy ; +tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ; +case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int x;" > "$dummy.c" ; + for c in cc gcc c89 c99 ; do + if ($c -c -o "$dummy.o" "$dummy.c") >/dev/null 2>&1 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac ; set_cc_for_build= ;' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +case "$UNAME_SYSTEM" in +Linux|GNU|GNU/*) + # If the system lacks a compiler, then just pick glibc. + # We could probably try harder. + LIBC=gnu + + eval "$set_cc_for_build" + cat <<-EOF > "$dummy.c" + #include + #if defined(__UCLIBC__) + LIBC=uclibc + #elif defined(__dietlibc__) + LIBC=dietlibc + #else + LIBC=gnu + #endif + EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`" + + # If ldd exists, use it to detect musl libc. + if command -v ldd >/dev/null && \ + ldd --version 2>&1 | grep -q ^musl + then + LIBC=musl + fi + ;; +esac + +# Note: order is significant - the case branches are not exclusive. + +case "$UNAME_MACHINE:$UNAME_SYSTEM:$UNAME_RELEASE:$UNAME_VERSION" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # + # Note: NetBSD doesn't particularly care about the vendor + # portion of the name. We always set it to "unknown". + sysctl="sysctl -n hw.machine_arch" + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + "/sbin/$sysctl" 2>/dev/null || \ + "/usr/sbin/$sysctl" 2>/dev/null || \ + echo unknown)` + case "$UNAME_MACHINE_ARCH" in + armeb) machine=armeb-unknown ;; + arm*) machine=arm-unknown ;; + sh3el) machine=shl-unknown ;; + sh3eb) machine=sh-unknown ;; + sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo "$UNAME_MACHINE_ARCH" | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo "$UNAME_MACHINE_ARCH" | sed -ne 's,^.*\(eb\)$,\1,p'` + machine="${arch}${endian}"-unknown + ;; + *) machine="$UNAME_MACHINE_ARCH"-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently (or will in the future) and ABI. + case "$UNAME_MACHINE_ARCH" in + earm*) + os=netbsdelf + ;; + arm*|i386|m68k|ns32k|sh3*|sparc|vax) + eval "$set_cc_for_build" + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ELF__ + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # Determine ABI tags. + case "$UNAME_MACHINE_ARCH" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo "$UNAME_MACHINE_ARCH" | sed -e "$expr"` + ;; + esac + # The OS release + # Debian GNU/NetBSD machines have a different userland, and + # thus, need a distinct triplet. However, they do not need + # kernel version information, so it can be replaced with a + # suitable tag, in the style of linux-gnu. + case "$UNAME_VERSION" in + Debian*) + release='-gnu' + ;; + *) + release=`echo "$UNAME_RELEASE" | sed -e 's/[-_].*//' | cut -d. -f1,2` + ;; + esac + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "$machine-${os}${release}${abi}" + exit ;; + *:Bitrig:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-bitrig"$UNAME_RELEASE" + exit ;; + *:OpenBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-openbsd"$UNAME_RELEASE" + exit ;; + *:LibertyBSD:*:*) + UNAME_MACHINE_ARCH=`arch | sed 's/^.*BSD\.//'` + echo "$UNAME_MACHINE_ARCH"-unknown-libertybsd"$UNAME_RELEASE" + exit ;; + *:MidnightBSD:*:*) + echo "$UNAME_MACHINE"-unknown-midnightbsd"$UNAME_RELEASE" + exit ;; + *:ekkoBSD:*:*) + echo "$UNAME_MACHINE"-unknown-ekkobsd"$UNAME_RELEASE" + exit ;; + *:SolidBSD:*:*) + echo "$UNAME_MACHINE"-unknown-solidbsd"$UNAME_RELEASE" + exit ;; + macppc:MirBSD:*:*) + echo powerpc-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:MirBSD:*:*) + echo "$UNAME_MACHINE"-unknown-mirbsd"$UNAME_RELEASE" + exit ;; + *:Sortix:*:*) + echo "$UNAME_MACHINE"-unknown-sortix + exit ;; + *:Redox:*:*) + echo "$UNAME_MACHINE"-unknown-redox + exit ;; + mips:OSF1:*.*) + echo mips-dec-osf1 + exit ;; + alpha:OSF1:*:*) + case $UNAME_RELEASE in + *4.0) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + ;; + *5.*) + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'` + ;; + esac + # According to Compaq, /usr/sbin/psrinfo has been available on + # OSF/1 and Tru64 systems produced since 1995. I hope that + # covers most systems running today. This code pipes the CPU + # types through head -n 1, so we only detect the type of CPU 0. + ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1` + case "$ALPHA_CPU_TYPE" in + "EV4 (21064)") + UNAME_MACHINE=alpha ;; + "EV4.5 (21064)") + UNAME_MACHINE=alpha ;; + "LCA4 (21066/21068)") + UNAME_MACHINE=alpha ;; + "EV5 (21164)") + UNAME_MACHINE=alphaev5 ;; + "EV5.6 (21164A)") + UNAME_MACHINE=alphaev56 ;; + "EV5.6 (21164PC)") + UNAME_MACHINE=alphapca56 ;; + "EV5.7 (21164PC)") + UNAME_MACHINE=alphapca57 ;; + "EV6 (21264)") + UNAME_MACHINE=alphaev6 ;; + "EV6.7 (21264A)") + UNAME_MACHINE=alphaev67 ;; + "EV6.8CB (21264C)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8AL (21264B)") + UNAME_MACHINE=alphaev68 ;; + "EV6.8CX (21264D)") + UNAME_MACHINE=alphaev68 ;; + "EV6.9A (21264/EV69A)") + UNAME_MACHINE=alphaev69 ;; + "EV7 (21364)") + UNAME_MACHINE=alphaev7 ;; + "EV7.9 (21364A)") + UNAME_MACHINE=alphaev79 ;; + esac + # A Pn.n version is a patched version. + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + echo "$UNAME_MACHINE"-dec-osf"`echo "$UNAME_RELEASE" | sed -e 's/^[PVTX]//' | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz`" + # Reset EXIT trap before exiting to avoid spurious non-zero exit code. + exitcode=$? + trap '' 0 + exit $exitcode ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit ;; + *:[Aa]miga[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-amigaos + exit ;; + *:[Mm]orph[Oo][Ss]:*:*) + echo "$UNAME_MACHINE"-unknown-morphos + exit ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit ;; + *:z/VM:*:*) + echo s390-ibm-zvmoe + exit ;; + *:OS400:*:*) + echo powerpc-ibm-os400 + exit ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix"$UNAME_RELEASE" + exit ;; + arm*:riscos:*:*|arm*:RISCOS:*:*) + echo arm-unknown-riscos + exit ;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit ;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit ;; + DRS?6000:unix:4.0:6*) + echo sparc-icl-nx6 + exit ;; + DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*) + case `/usr/bin/uname -p` in + sparc) echo sparc-icl-nx7; exit ;; + esac ;; + s390x:SunOS:*:*) + echo "$UNAME_MACHINE"-ibm-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2"`echo "$UNAME_RELEASE" | sed -e 's/[^.]*//'`" + exit ;; + i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*) + echo i386-pc-auroraux"$UNAME_RELEASE" + exit ;; + i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*) + eval "$set_cc_for_build" + SUN_ARCH=i386 + # If there is a compiler, see if it is configured for 64-bit objects. + # Note that the Sun cc does not turn __LP64__ into 1 like gcc does. + # This test works for both compilers. + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + SUN_ARCH=x86_64 + fi + fi + echo "$SUN_ARCH"-pc-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos"`echo "$UNAME_RELEASE"|sed -e 's/-/_/'`" + exit ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos"$UNAME_RELEASE" + exit ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x$UNAME_RELEASE" = x && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos"$UNAME_RELEASE" + ;; + sun4) + echo sparc-sun-sunos"$UNAME_RELEASE" + ;; + esac + exit ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos"$UNAME_RELEASE" + exit ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint"$UNAME_RELEASE" + exit ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint"$UNAME_RELEASE" + exit ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint"$UNAME_RELEASE" + exit ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint"$UNAME_RELEASE" + exit ;; + m68k:machten:*:*) + echo m68k-apple-machten"$UNAME_RELEASE" + exit ;; + powerpc:machten:*:*) + echo powerpc-apple-machten"$UNAME_RELEASE" + exit ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix"$UNAME_RELEASE" + exit ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix"$UNAME_RELEASE" + exit ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix"$UNAME_RELEASE" + exit ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && + dummyarg=`echo "$UNAME_RELEASE" | sed -n 's/\([0-9]*\).*/\1/p'` && + SYSTEM_NAME=`"$dummy" "$dummyarg"` && + { echo "$SYSTEM_NAME"; exit; } + echo mips-mips-riscos"$UNAME_RELEASE" + exit ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit ;; + Motorola:*:4.3:PL8-*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*) + echo powerpc-harris-powermax + exit ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ "$UNAME_PROCESSOR" = mc88100 ] || [ "$UNAME_PROCESSOR" = mc88110 ] + then + if [ "$TARGET_BINARY_INTERFACE"x = m88kdguxelfx ] || \ + [ "$TARGET_BINARY_INTERFACE"x = x ] + then + echo m88k-dg-dgux"$UNAME_RELEASE" + else + echo m88k-dg-dguxbcs"$UNAME_RELEASE" + fi + else + echo i586-dg-dgux"$UNAME_RELEASE" + fi + exit ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit ;; + *:IRIX*:*:*) + echo mips-sgi-irix"`echo "$UNAME_RELEASE"|sed -e 's/-/_/g'`" + exit ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$UNAME_MACHINE"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + if $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` + then + echo "$SYSTEM_NAME" + else + echo rs6000-ibm-aix3.2.5 + fi + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit ;; + *:AIX:*:[4567]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'` + if /usr/sbin/lsattr -El "$IBM_CPU_ID" | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` + else + IBM_REV="$UNAME_VERSION.$UNAME_RELEASE" + fi + echo "$IBM_ARCH"-ibm-aix"$IBM_REV" + exit ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit ;; + ibmrt:4.4BSD:*|romp-ibm:4.4BSD:*) + echo romp-ibm-bsd4.4 + exit ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd"$UNAME_RELEASE" # 4.3 with uname added to + exit ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + case "$UNAME_MACHINE" in + 9000/31?) HP_ARCH=m68000 ;; + 9000/[34]??) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "$sc_cpu_version" in + 523) HP_ARCH=hppa1.0 ;; # CPU_PA_RISC1_0 + 528) HP_ARCH=hppa1.1 ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "$sc_kernel_bits" in + 32) HP_ARCH=hppa2.0n ;; + 64) HP_ARCH=hppa2.0w ;; + '') HP_ARCH=hppa2.0 ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "$HP_ARCH" = "" ]; then + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS="" $CC_FOR_BUILD -o "$dummy" "$dummy.c" 2>/dev/null) && HP_ARCH=`"$dummy"` + test -z "$HP_ARCH" && HP_ARCH=hppa + fi ;; + esac + if [ "$HP_ARCH" = hppa2.0w ] + then + eval "$set_cc_for_build" + + # hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating + # 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler + # generating 64-bit code. GNU and HP use different nomenclature: + # + # $ CC_FOR_BUILD=cc ./config.guess + # => hppa2.0w-hp-hpux11.23 + # $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess + # => hppa64-hp-hpux11.23 + + if echo __LP64__ | (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | + grep -q __LP64__ + then + HP_ARCH=hppa2.0w + else + HP_ARCH=hppa64 + fi + fi + echo "$HP_ARCH"-hp-hpux"$HPUX_REV" + exit ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo "$UNAME_RELEASE"|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux"$HPUX_REV" + exit ;; + 3050*:HI-UX:*:*) + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD -o "$dummy" "$dummy.c" && SYSTEM_NAME=`"$dummy"` && + { echo "$SYSTEM_NAME"; exit; } + echo unknown-hitachi-hiuxwe2 + exit ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:*) + echo hppa1.1-hp-bsd + exit ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:*) + echo hppa1.1-hp-osf + exit ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo "$UNAME_MACHINE"-unknown-osf1mk + else + echo "$UNAME_MACHINE"-unknown-osf1 + fi + exit ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*[A-Z]90:*:*:*) + echo "$UNAME_MACHINE"-cray-unicos"$UNAME_RELEASE" \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + *:UNICOS/mp:*:*) + echo craynv-cray-unicosmp"$UNAME_RELEASE" | sed -e 's/\.[^.]*$/.X/' + exit ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz` + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + 5000:UNIX_System_V:4.*:*) + FUJITSU_SYS=`uname -p | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/\///'` + FUJITSU_REL=`echo "$UNAME_RELEASE" | tr ABCDEFGHIJKLMNOPQRSTUVWXYZ abcdefghijklmnopqrstuvwxyz | sed -e 's/ /_/'` + echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo "$UNAME_MACHINE"-pc-bsdi"$UNAME_RELEASE" + exit ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:BSD/OS:*:*) + echo "$UNAME_MACHINE"-unknown-bsdi"$UNAME_RELEASE" + exit ;; + *:FreeBSD:*:*) + UNAME_PROCESSOR=`/usr/bin/uname -p` + case "$UNAME_PROCESSOR" in + amd64) + UNAME_PROCESSOR=x86_64 ;; + i386) + UNAME_PROCESSOR=i586 ;; + esac + echo "$UNAME_PROCESSOR"-unknown-freebsd"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + i*:CYGWIN*:*) + echo "$UNAME_MACHINE"-pc-cygwin + exit ;; + *:MINGW64*:*) + echo "$UNAME_MACHINE"-pc-mingw64 + exit ;; + *:MINGW*:*) + echo "$UNAME_MACHINE"-pc-mingw32 + exit ;; + *:MSYS*:*) + echo "$UNAME_MACHINE"-pc-msys + exit ;; + i*:PW*:*) + echo "$UNAME_MACHINE"-pc-pw32 + exit ;; + *:Interix*:*) + case "$UNAME_MACHINE" in + x86) + echo i586-pc-interix"$UNAME_RELEASE" + exit ;; + authenticamd | genuineintel | EM64T) + echo x86_64-unknown-interix"$UNAME_RELEASE" + exit ;; + IA64) + echo ia64-unknown-interix"$UNAME_RELEASE" + exit ;; + esac ;; + i*:UWIN*:*) + echo "$UNAME_MACHINE"-pc-uwin + exit ;; + amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*) + echo x86_64-unknown-cygwin + exit ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2"`echo "$UNAME_RELEASE"|sed -e 's/[^.]*//'`" + exit ;; + *:GNU:*:*) + # the GNU system + echo "`echo "$UNAME_MACHINE"|sed -e 's,[-/].*$,,'`-unknown-$LIBC`echo "$UNAME_RELEASE"|sed -e 's,/.*$,,'`" + exit ;; + *:GNU/*:*:*) + # other systems with GNU libc and userland + echo "$UNAME_MACHINE-unknown-`echo "$UNAME_SYSTEM" | sed 's,^[^/]*/,,' | tr "[:upper:]" "[:lower:]"``echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`-$LIBC" + exit ;; + i*86:Minix:*:*) + echo "$UNAME_MACHINE"-pc-minix + exit ;; + aarch64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + aarch64_be:Linux:*:*) + UNAME_MACHINE=aarch64_be + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep -q ld.so.1 + if test "$?" = 0 ; then LIBC=gnulibc1 ; fi + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arc:Linux:*:* | arceb:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + arm*:Linux:*:*) + eval "$set_cc_for_build" + if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_EABI__ + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + else + if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep -q __ARM_PCS_VFP + then + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabi + else + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC"eabihf + fi + fi + exit ;; + avr32*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + cris:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + crisv32:Linux:*:*) + echo "$UNAME_MACHINE"-axis-linux-"$LIBC" + exit ;; + e2k:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + frv:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + hexagon:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + ia64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + k1om:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m32r*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + m68*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + mips:Linux:*:* | mips64:Linux:*:*) + eval "$set_cc_for_build" + sed 's/^ //' << EOF > "$dummy.c" + #undef CPU + #undef ${UNAME_MACHINE} + #undef ${UNAME_MACHINE}el + #if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL) + CPU=${UNAME_MACHINE}el + #else + #if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB) + CPU=${UNAME_MACHINE} + #else + CPU= + #endif + #endif +EOF + eval "`$CC_FOR_BUILD -E "$dummy.c" 2>/dev/null | grep '^CPU'`" + test "x$CPU" != x && { echo "$CPU-unknown-linux-$LIBC"; exit; } + ;; + mips64el:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + openrisc*:Linux:*:*) + echo or1k-unknown-linux-"$LIBC" + exit ;; + or32:Linux:*:* | or1k*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + padre:Linux:*:*) + echo sparc-unknown-linux-"$LIBC" + exit ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-"$LIBC" + exit ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-"$LIBC" ;; + PA8*) echo hppa2.0-unknown-linux-"$LIBC" ;; + *) echo hppa-unknown-linux-"$LIBC" ;; + esac + exit ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-"$LIBC" + exit ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-"$LIBC" + exit ;; + ppc64le:Linux:*:*) + echo powerpc64le-unknown-linux-"$LIBC" + exit ;; + ppcle:Linux:*:*) + echo powerpcle-unknown-linux-"$LIBC" + exit ;; + riscv32:Linux:*:* | riscv64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo "$UNAME_MACHINE"-ibm-linux-"$LIBC" + exit ;; + sh64*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sh*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + tile*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + vax:Linux:*:*) + echo "$UNAME_MACHINE"-dec-linux-"$LIBC" + exit ;; + x86_64:Linux:*:*) + echo "$UNAME_MACHINE"-pc-linux-"$LIBC" + exit ;; + xtensa*:Linux:*:*) + echo "$UNAME_MACHINE"-unknown-linux-"$LIBC" + exit ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo "$UNAME_MACHINE"-pc-sysv4.2uw"$UNAME_VERSION" + exit ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo "$UNAME_MACHINE"-pc-os2-emx + exit ;; + i*86:XTS-300:*:STOP) + echo "$UNAME_MACHINE"-unknown-stop + exit ;; + i*86:atheos:*:*) + echo "$UNAME_MACHINE"-unknown-atheos + exit ;; + i*86:syllable:*:*) + echo "$UNAME_MACHINE"-pc-syllable + exit ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*) + echo i386-unknown-lynxos"$UNAME_RELEASE" + exit ;; + i*86:*DOS:*:*) + echo "$UNAME_MACHINE"-pc-msdosdjgpp + exit ;; + i*86:*:4.*:*) + UNAME_REL=`echo "$UNAME_RELEASE" | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo "$UNAME_MACHINE"-univel-sysv"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv"$UNAME_REL" + fi + exit ;; + i*86:*:5:[678]*) + # UnixWare 7.x, OpenUNIX and OpenServer 6. + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo "$UNAME_MACHINE-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}{$UNAME_VERSION}" + exit ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')` + (/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo "$UNAME_MACHINE"-pc-sco"$UNAME_REL" + else + echo "$UNAME_MACHINE"-pc-sysv32 + fi + exit ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i586. + # Note: whatever this is, it MUST be the same as what config.sub + # prints for the "djgpp" host, or else GDB configure will decide that + # this is a cross-build. + echo i586-pc-msdosdjgpp + exit ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv"$UNAME_RELEASE" # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv"$UNAME_RELEASE" # Unknown i860-SVR4 + fi + exit ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit ;; + mc68k:UNIX:SYSTEM5:3.51m) + echo m68k-convergent-sysv + exit ;; + M680?0:D-NIX:5.3:*) + echo m68k-diab-dnix + exit ;; + M68*:*:R3V[5678]*:*) + test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;; + 3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4; exit; } ;; + NCR*:*:4.2:* | MPRAS*:*:4.2:*) + OS_REL='.3' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && { echo i486-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } + /bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \ + && { echo i586-ncr-sysv4.3"$OS_REL"; exit; } ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos"$UNAME_RELEASE" + exit ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos"$UNAME_RELEASE" + exit ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*) + echo powerpc-unknown-lynxos"$UNAME_RELEASE" + exit ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv"$UNAME_RELEASE" + exit ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo "$UNAME_MACHINE"-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit ;; + i*86:VOS:*:*) + # From Paul.Green@stratus.com. + echo "$UNAME_MACHINE"-stratus-vos + exit ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux"$UNAME_RELEASE" + exit ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv"$UNAME_RELEASE" + else + echo mips-unknown-sysv"$UNAME_RELEASE" + fi + exit ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit ;; + BePC:Haiku:*:*) # Haiku running on Intel PC compatible. + echo i586-pc-haiku + exit ;; + x86_64:Haiku:*:*) + echo x86_64-unknown-haiku + exit ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux"$UNAME_RELEASE" + exit ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux"$UNAME_RELEASE" + exit ;; + SX-6:SUPER-UX:*:*) + echo sx6-nec-superux"$UNAME_RELEASE" + exit ;; + SX-7:SUPER-UX:*:*) + echo sx7-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8:SUPER-UX:*:*) + echo sx8-nec-superux"$UNAME_RELEASE" + exit ;; + SX-8R:SUPER-UX:*:*) + echo sx8r-nec-superux"$UNAME_RELEASE" + exit ;; + SX-ACE:SUPER-UX:*:*) + echo sxace-nec-superux"$UNAME_RELEASE" + exit ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Rhapsody:*:*) + echo "$UNAME_MACHINE"-apple-rhapsody"$UNAME_RELEASE" + exit ;; + *:Darwin:*:*) + UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown + eval "$set_cc_for_build" + if test "$UNAME_PROCESSOR" = unknown ; then + UNAME_PROCESSOR=powerpc + fi + if test "`echo "$UNAME_RELEASE" | sed -e 's/\..*//'`" -le 10 ; then + if [ "$CC_FOR_BUILD" != no_compiler_found ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi + # On 10.4-10.6 one might compile for PowerPC via gcc -arch ppc + if (echo '#ifdef __POWERPC__'; echo IS_PPC; echo '#endif') | \ + (CCOPTS="" $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_PPC >/dev/null + then + UNAME_PROCESSOR=powerpc + fi + fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 + fi + echo "$UNAME_PROCESSOR"-apple-darwin"$UNAME_RELEASE" + exit ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + UNAME_PROCESSOR=`uname -p` + if test "$UNAME_PROCESSOR" = x86; then + UNAME_PROCESSOR=i386 + UNAME_MACHINE=pc + fi + echo "$UNAME_PROCESSOR"-"$UNAME_MACHINE"-nto-qnx"$UNAME_RELEASE" + exit ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit ;; + NEO-*:NONSTOP_KERNEL:*:*) + echo neo-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSE-*:NONSTOP_KERNEL:*:*) + echo nse-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSR-*:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSV-*:NONSTOP_KERNEL:*:*) + echo nsv-tandem-nsk"$UNAME_RELEASE" + exit ;; + NSX-*:NONSTOP_KERNEL:*:*) + echo nsx-tandem-nsk"$UNAME_RELEASE" + exit ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit ;; + DS/*:UNIX_System_V:*:*) + echo "$UNAME_MACHINE"-"$UNAME_SYSTEM"-"$UNAME_RELEASE" + exit ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = 386; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo "$UNAME_MACHINE"-unknown-plan9 + exit ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit ;; + SEI:*:*:SEIUX) + echo mips-sei-seiux"$UNAME_RELEASE" + exit ;; + *:DragonFly:*:*) + echo "$UNAME_MACHINE"-unknown-dragonfly"`echo "$UNAME_RELEASE"|sed -e 's/[-(].*//'`" + exit ;; + *:*VMS:*:*) + UNAME_MACHINE=`(uname -p) 2>/dev/null` + case "$UNAME_MACHINE" in + A*) echo alpha-dec-vms ; exit ;; + I*) echo ia64-dec-vms ; exit ;; + V*) echo vax-dec-vms ; exit ;; + esac ;; + *:XENIX:*:SysV) + echo i386-pc-xenix + exit ;; + i*86:skyos:*:*) + echo "$UNAME_MACHINE"-pc-skyos"`echo "$UNAME_RELEASE" | sed -e 's/ .*$//'`" + exit ;; + i*86:rdos:*:*) + echo "$UNAME_MACHINE"-pc-rdos + exit ;; + i*86:AROS:*:*) + echo "$UNAME_MACHINE"-pc-aros + exit ;; + x86_64:VMkernel:*:*) + echo "$UNAME_MACHINE"-unknown-esx + exit ;; + amd64:Isilon\ OneFS:*:*) + echo x86_64-unknown-onefs + exit ;; +esac + +echo "$0: unable to guess system type" >&2 + +case "$UNAME_MACHINE:$UNAME_SYSTEM" in + mips:Linux | mips64:Linux) + # If we got here on MIPS GNU/Linux, output extra information. + cat >&2 <&2 </dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = "$UNAME_MACHINE" +UNAME_RELEASE = "$UNAME_RELEASE" +UNAME_SYSTEM = "$UNAME_SYSTEM" +UNAME_VERSION = "$UNAME_VERSION" +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/config.h.in b/config.h.in new file mode 100644 index 0000000..cd18434 --- /dev/null +++ b/config.h.in @@ -0,0 +1,324 @@ +/* config.h.in. Generated from configure.ac by autoheader. */ + +/* This is dnsdist */ +#undef DNSDIST + +/* Define to 1 if you have the `accept4' function. */ +#undef HAVE_ACCEPT4 + +/* Defined if the requested minimum BOOST version is satisfied */ +#undef HAVE_BOOST + +/* Define to 1 if you have */ +#undef HAVE_BOOST_TEST_UNIT_TEST_HPP + +/* Defined if the Boost unit_test_framework library is available */ +#undef HAVE_BOOST_UNIT_TEST_FRAMEWORK + +/* Define to 1 if you have CDB */ +#undef HAVE_CDB + +/* Define to 1 if you have the header file. */ +#undef HAVE_CDB_H + +/* Define to 1 if you have clock_gettime */ +#undef HAVE_CLOCK_GETTIME + +/* Define to 1 if you have the `crypto_box_curve25519xchacha20poly1305_easy' + function. */ +#undef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY + +/* Define to 1 if you have the `crypto_box_easy_afternm' function. */ +#undef HAVE_CRYPTO_BOX_EASY_AFTERNM + +/* Define to 1 if you have the `CRYPTO_memcmp' function. */ +#undef HAVE_CRYPTO_MEMCMP + +/* Define to 1 if you have the `crypto_shorthash' function. */ +#undef HAVE_CRYPTO_SHORTHASH + +/* define if the compiler supports basic C++17 syntax */ +#undef HAVE_CXX17 + +/* Define to 1 if you have the declaration of + `h2o_socket_get_ssl_server_name', and to 0 if you don't. */ +#undef HAVE_DECL_H2O_SOCKET_GET_SSL_SERVER_NAME + +/* Define to 1 if you have the declaration of `snmp_select_info2', and to 0 if + you don't. */ +#undef HAVE_DECL_SNMP_SELECT_INFO2 + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you enable dnscrypt support */ +#undef HAVE_DNSCRYPT + +/* Define to 1 if you enable DNS over HTTPS support */ +#undef HAVE_DNS_OVER_HTTPS + +/* Define to 1 if you enable DNS over TLS support */ +#undef HAVE_DNS_OVER_TLS + +/* Define if using eBPF. */ +#undef HAVE_EBPF + +/* Define to 1 if you have the `EVP_MD_CTX_free' function. */ +#undef HAVE_EVP_MD_CTX_FREE + +/* Define to 1 if you have the `EVP_MD_CTX_new' function. */ +#undef HAVE_EVP_MD_CTX_NEW + +/* Define to 1 if you have EVP_PKEY_CTX_set1_scrypt_salt */ +#undef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + +/* Define to 1 if you have the `explicit_bzero' function. */ +#undef HAVE_EXPLICIT_BZERO + +/* Define to 1 if you have the `explicit_memset' function. */ +#undef HAVE_EXPLICIT_MEMSET + +/* Define if ASAN fiber annotation interface is available. */ +#undef HAVE_FIBER_SANITIZER + +/* Define to 1 if you have libfstrm */ +#undef HAVE_FSTRM + +/* Define to 1 if you have the `fstrm_tcp_writer_init' function. */ +#undef HAVE_FSTRM_TCP_WRITER_INIT + +/* Define to 1 if you have the `gmtime_r' function. */ +#undef HAVE_GMTIME_R + +/* Define to 1 if you have GnuTLS */ +#undef HAVE_GNUTLS + +/* Define to 1 if you have the `gnutls_alpn_set_protocols' function. */ +#undef HAVE_GNUTLS_ALPN_SET_PROTOCOLS + +/* Define to 1 if you have the `gnutls_memset' function. */ +#undef HAVE_GNUTLS_MEMSET + +/* Define to 1 if you have the `gnutls_session_get_verify_cert_status' + function. */ +#undef HAVE_GNUTLS_SESSION_GET_VERIFY_CERT_STATUS + +/* Define to 1 if you have the `gnutls_session_set_verify_cert' function. */ +#undef HAVE_GNUTLS_SESSION_SET_VERIFY_CERT + +/* define to 1 if h2o_socket_get_ssl_server_name is available. */ +#undef HAVE_H2O_SOCKET_GET_SSL_SERVER_NAME + +/* Define to 1 if you have the header file. */ +#undef HAVE_INTTYPES_H + +/* Define to 1 if you have libcap */ +#undef HAVE_LIBCAP + +/* Define to 1 if you have OpenSSL libcrypto */ +#undef HAVE_LIBCRYPTO + +/* Define to 1 if you have libh2o-evloop */ +#undef HAVE_LIBH2OEVLOOP + +/* Define to 1 if you have libsodium */ +#undef HAVE_LIBSODIUM + +/* Define to 1 if you have OpenSSL libssl */ +#undef HAVE_LIBSSL + +/* Define to 1 if you have the header file. */ +#undef HAVE_LINUX_BPF_H + +/* Define to 1 if you have LMDB */ +#undef HAVE_LMDB + +/* Define to 1 if you have the header file. */ +#undef HAVE_LMDB_H + +/* Define to 1 if you have the `localtime_r' function. */ +#undef HAVE_LOCALTIME_R + +/* Define to 1 if you have lua */ +#undef HAVE_LUA + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define if using Net SNMP. */ +#undef HAVE_NET_SNMP + +/* Define to 1 if you have nghttp2 */ +#undef HAVE_NGHTTP2 + +/* Define to 1 if you have the `OCSP_basic_sign' function. */ +#undef HAVE_OCSP_BASIC_SIGN + +/* Define to 1 if you have the `OPENSSL_init_crypto' function. */ +#undef HAVE_OPENSSL_INIT_CRYPTO + +/* Define to 1 if you have pthread_getattr_np */ +#undef HAVE_PTHREAD_GETATTR_NP + +/* Define to 1 if you have pthread_get_stackaddr_np */ +#undef HAVE_PTHREAD_GET_STACKADDR_NP + +/* Define to 1 if you have pthread_get_stacksize_np */ +#undef HAVE_PTHREAD_GET_STACKSIZE_NP + +/* Define to 1 if you have the header file. */ +#undef HAVE_PTHREAD_NP_H + +/* Define to 1 if you have pthread_setaffinity_np */ +#undef HAVE_PTHREAD_SETAFFINITY_NP + +/* 1-arg pthread_setname_np */ +#undef HAVE_PTHREAD_SETNAME_NP_1 + +/* 2-arg pthread_setname_np */ +#undef HAVE_PTHREAD_SETNAME_NP_2 + +/* 3-arg pthread_setname_np */ +#undef HAVE_PTHREAD_SETNAME_NP_3 + +/* 2-arg pthread_set_name_np */ +#undef HAVE_PTHREAD_SET_NAME_NP_2 + +/* 2-arg void pthread_set_name_np */ +#undef HAVE_PTHREAD_SET_NAME_NP_2_VOID + +/* Define to 1 if you have the `randombytes_stir' function. */ +#undef HAVE_RANDOMBYTES_STIR + +/* Define to 1 if you have the `RAND_bytes' function. */ +#undef HAVE_RAND_BYTES + +/* Define to 1 if you have the `RAND_pseudo_bytes' function. */ +#undef HAVE_RAND_PSEUDO_BYTES + +/* Define if using RE2. */ +#undef HAVE_RE2 + +/* Define to 1 if you have the `recvmmsg' function. */ +#undef HAVE_RECVMMSG + +/* Define to 1 if you have the `RSA_get0_key' function. */ +#undef HAVE_RSA_GET0_KEY + +/* Define to 1 if you have the header + file. */ +#undef HAVE_SANITIZER_COMMON_INTERFACE_DEFS_H + +/* Define to 1 if __sanitizer_finish_switch_fiber takes only a pointer */ +#undef HAVE_SANITIZER_FINISH_SWITCH_FIBER_SINGLE_PTR + +/* Define to 1 if __sanitizer_finish_switch_fiber takes three pointers */ +#undef HAVE_SANITIZER_FINISH_SWITCH_FIBER_THREE_PTRS + +/* Define to 1 if you have the `sendmmsg' function. */ +#undef HAVE_SENDMMSG + +/* define to 1 if snmp_select_info2 is available. */ +#undef HAVE_SNMP_SELECT_INFO2 + +/* Define to 1 if you have the `sodium_memcmp' function. */ +#undef HAVE_SODIUM_MEMCMP + +/* Define to 1 if you have the `SSL_CTX_get0_privatekey' function. */ +#undef HAVE_SSL_CTX_GET0_PRIVATEKEY + +/* Define to 1 if you have the `SSL_CTX_set_alpn_protos' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_PROTOS + +/* Define to 1 if you have the `SSL_CTX_set_alpn_select_cb' function. */ +#undef HAVE_SSL_CTX_SET_ALPN_SELECT_CB + +/* Define to 1 if you have the `SSL_CTX_set_ciphersuites' function. */ +#undef HAVE_SSL_CTX_SET_CIPHERSUITES + +/* Define to 1 if you have the `SSL_CTX_set_keylog_callback' function. */ +#undef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK + +/* Define to 1 if you have the `SSL_CTX_set_min_proto_version' function. */ +#undef HAVE_SSL_CTX_SET_MIN_PROTO_VERSION + +/* Define to 1 if you have the `SSL_CTX_set_next_proto_select_cb' function. */ +#undef HAVE_SSL_CTX_SET_NEXT_PROTO_SELECT_CB + +/* Define to 1 if you have the `SSL_CTX_set_num_tickets' function. */ +#undef HAVE_SSL_CTX_SET_NUM_TICKETS + +/* Define to 1 if you have the `SSL_get0_alpn_selected' function. */ +#undef HAVE_SSL_GET0_ALPN_SELECTED + +/* Define to 1 if you have the `SSL_get0_next_proto_negotiated' function. */ +#undef HAVE_SSL_GET0_NEXT_PROTO_NEGOTIATED + +/* Define to 1 if you have the `SSL_set_hostflags' function. */ +#undef HAVE_SSL_SET_HOSTFLAGS + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Systemd available and enabled */ +#undef HAVE_SYSTEMD + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to the sub-directory where libtool stores uninstalled libraries. */ +#undef LT_OBJDIR + +/* If your OS is so broken that it needs an additional prototype */ +#undef NEED_INET_NTOP_PROTO + +/* If POSIX typedefs need to be defined */ +#undef NEED_POSIX_TYPEDEF + +/* Name of package */ +#undef PACKAGE + +/* Set to the package version used for secpoll */ +#undef PACKAGEVERSION + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the home page for this package. */ +#undef PACKAGE_URL + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* The number of bytes in type time_t */ +#undef SIZEOF_TIME_T + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Version number of package */ +#undef VERSION diff --git a/config.sub b/config.sub new file mode 100755 index 0000000..9ccf09a --- /dev/null +++ b/config.sub @@ -0,0 +1,1801 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright 1992-2018 Free Software Foundation, Inc. + +timestamp='2018-03-08' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, see . +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that +# program. This Exception is an additional permission under section 7 +# of the GNU General Public License, version 3 ("GPLv3"). + + +# Please send patches to . +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# You can get the latest version of this script from: +# https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS or ALIAS + +Canonicalize a configuration name. + +Options: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright 1992-2018 Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit ;; + --version | -v ) + echo "$version" ; exit ;; + --help | --h* | -h ) + echo "$usage"; exit ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo "$1" + exit ;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ + linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ + kopensolaris*-gnu* | cloudabi*-eabi* | \ + storm-chaos* | os2-emx* | rtmk-nova*) + os=-$maybe_os + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + android-linux) + os=-linux-android + basic_machine=`echo "$1" | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`-unknown + ;; + *) + basic_machine=`echo "$1" | sed 's/-[^-]*$//'` + if [ "$basic_machine" != "$1" ] + then os=`echo "$1" | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis | -knuth | -cray | -microblaze*) + os= + basic_machine=$1 + ;; + -bluegene*) + os=-cnk + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco6) + os=-sco5v6 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco5v6*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*178) + os=-lynxos178 + ;; + -lynx*5) + os=-lynxos5 + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo "$1" | sed -e 's/86-.*/86-sequent/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | aarch64 | aarch64_be \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] | alpha64pca5[67] \ + | am33_2.0 \ + | arc | arceb \ + | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ + | avr | avr32 \ + | ba \ + | be32 | be64 \ + | bfin \ + | c4x | c8051 | clipper \ + | d10v | d30v | dlx | dsp16xx \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | hexagon \ + | i370 | i860 | i960 | ia16 | ia64 \ + | ip2k | iq2000 \ + | k1om \ + | le32 | le64 \ + | lm32 \ + | m32c | m32r | m32rle | m68000 | m68k | m88k \ + | maxq | mb | microblaze | microblazeel | mcore | mep | metag \ + | mips | mipsbe | mipseb | mipsel | mipsle \ + | mips16 \ + | mips64 | mips64el \ + | mips64octeon | mips64octeonel \ + | mips64orion | mips64orionel \ + | mips64r5900 | mips64r5900el \ + | mips64vr | mips64vrel \ + | mips64vr4100 | mips64vr4100el \ + | mips64vr4300 | mips64vr4300el \ + | mips64vr5000 | mips64vr5000el \ + | mips64vr5900 | mips64vr5900el \ + | mipsisa32 | mipsisa32el \ + | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ + | mipsisa64 | mipsisa64el \ + | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ + | mipsisa64sb1 | mipsisa64sb1el \ + | mipsisa64sr71k | mipsisa64sr71kel \ + | mipsr5900 | mipsr5900el \ + | mipstx39 | mipstx39el \ + | mn10200 | mn10300 \ + | moxie \ + | mt \ + | msp430 \ + | nds32 | nds32le | nds32be \ + | nios | nios2 | nios2eb | nios2el \ + | ns16k | ns32k \ + | open8 | or1k | or1knd | or32 \ + | pdp10 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle \ + | pru \ + | pyramid \ + | riscv32 | riscv64 \ + | rl78 | rx \ + | score \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh64 | sh64le \ + | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ + | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ + | spu \ + | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ + | ubicom32 \ + | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ + | wasm32 \ + | x86 | xc16x | xstormy16 | xtensa \ + | z8k | z80) + basic_machine=$basic_machine-unknown + ;; + c54x) + basic_machine=tic54x-unknown + ;; + c55x) + basic_machine=tic55x-unknown + ;; + c6x) + basic_machine=tic6x-unknown + ;; + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65) + ;; + ms1) + basic_machine=mt-unknown + ;; + + strongarm | thumb | xscale) + basic_machine=arm-unknown + ;; + xgate) + basic_machine=$basic_machine-unknown + os=-none + ;; + xscaleeb) + basic_machine=armeb-unknown + ;; + + xscaleel) + basic_machine=armel-unknown + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | aarch64-* | aarch64_be-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alpha64-* | alpha64ev[4-8]-* | alpha64ev56-* | alpha64ev6[78]-* \ + | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ + | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ + | avr-* | avr32-* \ + | ba-* \ + | be32-* | be64-* \ + | bfin-* | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c4x-* \ + | c8051-* | clipper-* | craynv-* | cydra-* \ + | d10v-* | d30v-* | dlx-* \ + | e2k-* | elxsi-* \ + | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | hexagon-* \ + | i*86-* | i860-* | i960-* | ia16-* | ia64-* \ + | ip2k-* | iq2000-* \ + | k1om-* \ + | le32-* | le64-* \ + | lm32-* \ + | m32c-* | m32r-* | m32rle-* \ + | m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | maxq-* | mcore-* | metag-* \ + | microblaze-* | microblazeel-* \ + | mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \ + | mips16-* \ + | mips64-* | mips64el-* \ + | mips64octeon-* | mips64octeonel-* \ + | mips64orion-* | mips64orionel-* \ + | mips64r5900-* | mips64r5900el-* \ + | mips64vr-* | mips64vrel-* \ + | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* \ + | mips64vr5000-* | mips64vr5000el-* \ + | mips64vr5900-* | mips64vr5900el-* \ + | mipsisa32-* | mipsisa32el-* \ + | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ + | mipsisa64-* | mipsisa64el-* \ + | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ + | mipsisa64sb1-* | mipsisa64sb1el-* \ + | mipsisa64sr71k-* | mipsisa64sr71kel-* \ + | mipsr5900-* | mipsr5900el-* \ + | mipstx39-* | mipstx39el-* \ + | mmix-* \ + | mt-* \ + | msp430-* \ + | nds32-* | nds32le-* | nds32be-* \ + | nios-* | nios2-* | nios2eb-* | nios2el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | open8-* \ + | or1k*-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ + | pru-* \ + | pyramid-* \ + | riscv32-* | riscv64-* \ + | rl78-* | romp-* | rs6000-* | rx-* \ + | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ + | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ + | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ + | sparclite-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ + | tahoe-* \ + | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ + | tile*-* \ + | tron-* \ + | ubicom32-* \ + | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ + | vax-* \ + | visium-* \ + | wasm32-* \ + | we32k-* \ + | x86-* | x86_64-* | xc16x-* | xps100-* \ + | xstormy16-* | xtensa*-* \ + | ymp-* \ + | z8k-* | z80-*) + ;; + # Recognize the basic CPU types without company name, with glob match. + xtensa*) + basic_machine=$basic_machine-unknown + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-pc + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + abacus) + basic_machine=abacus-unknown + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amd64) + basic_machine=x86_64-pc + ;; + amd64-*) + basic_machine=x86_64-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aros) + basic_machine=i386-pc + os=-aros + ;; + asmjs) + basic_machine=asmjs-unknown + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + blackfin) + basic_machine=bfin-unknown + os=-linux + ;; + blackfin-*) + basic_machine=bfin-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux + ;; + bluegene*) + basic_machine=powerpc-ibm + os=-cnk + ;; + c54x-*) + basic_machine=tic54x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c55x-*) + basic_machine=tic55x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c6x-*) + basic_machine=tic6x-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + c90) + basic_machine=c90-cray + os=-unicos + ;; + cegcc) + basic_machine=arm-unknown + os=-cegcc + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | j90) + basic_machine=j90-cray + os=-unicos + ;; + craynv) + basic_machine=craynv-cray + os=-unicosmp + ;; + cr16 | cr16-*) + basic_machine=cr16-unknown + os=-elf + ;; + crds | unos) + basic_machine=m68k-crds + ;; + crisv32 | crisv32-* | etraxfs*) + basic_machine=crisv32-axis + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + crx) + basic_machine=crx-unknown + os=-elf + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + decsystem10* | dec10*) + basic_machine=pdp10-dec + os=-tops10 + ;; + decsystem20* | dec20*) + basic_machine=pdp10-dec + os=-tops20 + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dicos) + basic_machine=i686-pc + os=-dicos + ;; + djgpp) + basic_machine=i586-pc + os=-msdosdjgpp + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2*) + basic_machine=m68k-bull + os=-sysv3 + ;; + e500v[12]) + basic_machine=powerpc-unknown + os=$os"spe" + ;; + e500v[12]-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=$os"spe" + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; + i*86v32) + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo "$1" | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo "$basic_machine" | sed 's/-.*//'` + ;; + m68knommu) + basic_machine=m68k-unknown + os=-linux + ;; + m68knommu-*) + basic_machine=m68k-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + microblaze*) + basic_machine=microblaze-xilinx + ;; + mingw64) + basic_machine=x86_64-pc + os=-mingw64 + ;; + mingw32) + basic_machine=i686-pc + os=-mingw32 + ;; + mingw32ce) + basic_machine=arm-unknown + os=-mingw32ce + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mips3*-*) + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo "$basic_machine" | sed -e 's/mips3/mips64/'`-unknown + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + morphos) + basic_machine=powerpc-unknown + os=-morphos + ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + ms1-*) + basic_machine=`echo "$basic_machine" | sed -e 's/ms1-/mt-/'` + ;; + msys) + basic_machine=i686-pc + os=-msys + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + nacl) + basic_machine=le32-unknown + os=-nacl + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + neo-tandem) + basic_machine=neo-tandem + ;; + nse-tandem) + basic_machine=nse-tandem + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + nsv-tandem) + basic_machine=nsv-tandem + ;; + nsx-tandem) + basic_machine=nsx-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + openrisc | openrisc-*) + basic_machine=or32-unknown + ;; + os400) + basic_machine=powerpc-ibm + os=-os400 + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + parisc) + basic_machine=hppa-unknown + os=-linux + ;; + parisc-*) + basic_machine=hppa-`echo "$basic_machine" | sed 's/^[^-]*-//'` + os=-linux + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pc98) + basic_machine=i386-pc + ;; + pc98-*) + basic_machine=i386-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon | athlon_*) + basic_machine=i686-pc + ;; + pentiumii | pentium2 | pentiumiii | pentium3) + basic_machine=i686-pc + ;; + pentium4) + basic_machine=i786-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-* | pentiumiii-* | pentium3-*) + basic_machine=i686-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + pentium4-*) + basic_machine=i786-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc | ppcbe) basic_machine=powerpc-unknown + ;; + ppc-* | ppcbe-*) + basic_machine=powerpc-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rdos | rdos64) + basic_machine=x86_64-pc + os=-rdos + ;; + rdos32) + basic_machine=i386-pc + os=-rdos + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sb1) + basic_machine=mipsisa64sb1-unknown + ;; + sb1el) + basic_machine=mipsisa64sb1el-unknown + ;; + sde) + basic_machine=mipsisa32-sde + os=-elf + ;; + sei) + basic_machine=mips-sei + os=-seiux + ;; + sequent) + basic_machine=i386-sequent + ;; + sh5el) + basic_machine=sh5le-unknown + ;; + simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + strongarm-* | thumb-*) + basic_machine=arm-`echo "$basic_machine" | sed 's/^[^-]*-//'` + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=alphaev5-cray + os=-unicos + ;; + t90) + basic_machine=t90-cray + os=-unicos + ;; + tile*) + basic_machine=$basic_machine-unknown + os=-linux-gnu + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + toad1) + basic_machine=pdp10-xkl + os=-tops20 + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + tpf) + basic_machine=s390x-ibm + os=-tpf + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + x64) + basic_machine=x86_64-pc + ;; + xbox) + basic_machine=i686-pc + os=-mingw32 + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + xscale-* | xscalee[bl]-*) + basic_machine=`echo "$basic_machine" | sed 's/^xscale/arm/'` + ;; + ymp) + basic_machine=ymp-cray + os=-unicos + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + romp) + basic_machine=romp-ibm + ;; + mmix) + basic_machine=mmix-knuth + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele) + basic_machine=sh-unknown + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`"$1"\': machine \`"$basic_machine"\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo "$basic_machine" | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo "$basic_machine" | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases that might get confused + # with valid system types. + # -solaris* is a basic system type, with this one exception. + -auroraux) + os=-auroraux + ;; + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # es1800 is here to avoid being matched by es* (a different OS) + -es1800*) + os=-ose + ;; + # Now accept the basic system types. + # The portable systems comes first. + # Each alternative MUST end in a * to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -cnk* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ + | -sym* | -kopensolaris* | -plan9* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -knetbsd* | -mirbsd* | -netbsd* \ + | -bitrig* | -openbsd* | -solidbsd* | -libertybsd* \ + | -ekkobsd* | -kfreebsd* | -freebsd* | -riscix* | -lynxos* \ + | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* | -hcos* \ + | -chorusos* | -chorusrdb* | -cegcc* | -glidix* \ + | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -midipix* | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ + | -linux-newlib* | -linux-musl* | -linux-uclibc* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ + | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ + | -morphos* | -superux* | -rtmk* | -windiss* \ + | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* \ + | -onefs* | -tirtos* | -phoenix* | -fuchsia* | -redox* | -bme* \ + | -midnightbsd*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto-qnx*) + ;; + -nto*) + os=`echo $os | sed -e 's|nto|nto-qnx|'` + ;; + -sim | -xray | -os68k* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo "$os" | sed -e 's|mac|macos|'` + ;; + -linux-dietlibc) + os=-linux-dietlibc + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo "$os" | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo "$os" | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -os400*) + os=-os400 + ;; + -wince*) + os=-wince + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -syllable*) + os=-syllable + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -nova*) + os=-rtmk-nova + ;; + -ns2) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -tpf*) + os=-tpf + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4*) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -zvmoe) + os=-zvmoe + ;; + -dicos*) + os=-dicos + ;; + -pikeos*) + # Until real need of OS specific support for + # particular features comes up, bare metal + # configurations are quite functional. + case $basic_machine in + arm*) + os=-eabi + ;; + *) + os=-elf + ;; + esac + ;; + -nacl*) + ;; + -ios) + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`"$1"\': system \`"$os"\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + score-*) + os=-elf + ;; + spu-*) + os=-elf + ;; + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + c4x-* | tic4x-*) + os=-coff + ;; + c8051-*) + os=-elf + ;; + hexagon-*) + os=-elf + ;; + tic54x-*) + os=-coff + ;; + tic55x-*) + os=-coff + ;; + tic6x-*) + os=-coff + ;; + # This must come before the *-dec entry. + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + ;; + m68*-cisco) + os=-aout + ;; + mep-*) + os=-elf + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + or32-*) + os=-coff + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + pru-*) + os=-elf + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-knuth) + os=-mmixware + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -cnk*|-aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -os400*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -tpf*) + vendor=ibm + ;; + -vxsim* | -vxworks* | -windiss*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo "$basic_machine" | sed "s/unknown/$vendor/"` + ;; +esac + +echo "$basic_machine$os" +exit + +# Local variables: +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/configure b/configure new file mode 100755 index 0000000..9c311fb --- /dev/null +++ b/configure @@ -0,0 +1,27370 @@ +#! /bin/sh +# Guess values for system-dependent variables and create Makefiles. +# Generated by GNU Autoconf 2.69 for dnsdist 1.7.3. +# +# +# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. +# +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +# Use a proper internal environment variable to ensure we don't fall + # into an infinite loop, continuously re-executing ourselves. + if test x"${_as_can_reexec}" != xno && test "x$CONFIG_SHELL" != x; then + _as_can_reexec=no; export _as_can_reexec; + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +as_fn_exit 255 + fi + # We don't want this to propagate to other subprocesses. + { _as_can_reexec=; unset _as_can_reexec;} +if test "x$CONFIG_SHELL" = x; then + as_bourne_compatible="if test -n \"\${ZSH_VERSION+set}\" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on \${1+\"\$@\"}, which + # is contrary to our usage. Disable this feature. + alias -g '\${1+\"\$@\"}'='\"\$@\"' + setopt NO_GLOB_SUBST +else + case \`(set -o) 2>/dev/null\` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi +" + as_required="as_fn_return () { (exit \$1); } +as_fn_success () { as_fn_return 0; } +as_fn_failure () { as_fn_return 1; } +as_fn_ret_success () { return 0; } +as_fn_ret_failure () { return 1; } + +exitcode=0 +as_fn_success || { exitcode=1; echo as_fn_success failed.; } +as_fn_failure && { exitcode=1; echo as_fn_failure succeeded.; } +as_fn_ret_success || { exitcode=1; echo as_fn_ret_success failed.; } +as_fn_ret_failure && { exitcode=1; echo as_fn_ret_failure succeeded.; } +if ( set x; as_fn_ret_success y && test x = \"\$1\" ); then : + +else + exitcode=1; echo positional parameters were not saved. +fi +test x\$exitcode = x0 || exit 1 +test -x / || exit 1" + as_suggested=" as_lineno_1=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_1a=\$LINENO + as_lineno_2=";as_suggested=$as_suggested$LINENO;as_suggested=$as_suggested" as_lineno_2a=\$LINENO + eval 'test \"x\$as_lineno_1'\$as_run'\" != \"x\$as_lineno_2'\$as_run'\" && + test \"x\`expr \$as_lineno_1'\$as_run' + 1\`\" = \"x\$as_lineno_2'\$as_run'\"' || exit 1 + + test -n \"\${ZSH_VERSION+set}\${BASH_VERSION+set}\" || ( + ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + ECHO=\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO\$ECHO + PATH=/empty FPATH=/empty; export PATH FPATH + test \"X\`printf %s \$ECHO\`\" = \"X\$ECHO\" \\ + || test \"X\`print -r -- \$ECHO\`\" = \"X\$ECHO\" ) || exit 1 +test \$(( 1 + 1 )) = 2 || exit 1" + if (eval "$as_required") 2>/dev/null; then : + as_have_required=yes +else + as_have_required=no +fi + if test x$as_have_required = xyes && (eval "$as_suggested") 2>/dev/null; then : + +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +as_found=false +for as_dir in /bin$PATH_SEPARATOR/usr/bin$PATH_SEPARATOR$PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + as_found=: + case $as_dir in #( + /*) + for as_base in sh bash ksh sh5; do + # Try only shells that exist, to save several forks. + as_shell=$as_dir/$as_base + if { test -f "$as_shell" || test -f "$as_shell.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$as_shell"; } 2>/dev/null; then : + CONFIG_SHELL=$as_shell as_have_required=yes + if { $as_echo "$as_bourne_compatible""$as_suggested" | as_run=a "$as_shell"; } 2>/dev/null; then : + break 2 +fi +fi + done;; + esac + as_found=false +done +$as_found || { if { test -f "$SHELL" || test -f "$SHELL.exe"; } && + { $as_echo "$as_bourne_compatible""$as_required" | as_run=a "$SHELL"; } 2>/dev/null; then : + CONFIG_SHELL=$SHELL as_have_required=yes +fi; } +IFS=$as_save_IFS + + + if test "x$CONFIG_SHELL" != x; then : + export CONFIG_SHELL + # We cannot yet assume a decent shell, so we have to provide a +# neutralization value for shells without unset; and this also +# works around shells that cannot unset nonexistent variables. +# Preserve -v and -x to the replacement shell. +BASH_ENV=/dev/null +ENV=/dev/null +(unset BASH_ENV) >/dev/null 2>&1 && unset BASH_ENV ENV +case $- in # (((( + *v*x* | *x*v* ) as_opts=-vx ;; + *v* ) as_opts=-v ;; + *x* ) as_opts=-x ;; + * ) as_opts= ;; +esac +exec $CONFIG_SHELL $as_opts "$as_myself" ${1+"$@"} +# Admittedly, this is quite paranoid, since all the known shells bail +# out after a failed `exec'. +$as_echo "$0: could not re-execute with $CONFIG_SHELL" >&2 +exit 255 +fi + + if test x$as_have_required = xno; then : + $as_echo "$0: This script requires a shell more modern than all" + $as_echo "$0: the shells that I found on your system." + if test x${ZSH_VERSION+set} = xset ; then + $as_echo "$0: In particular, zsh $ZSH_VERSION has bugs and should" + $as_echo "$0: be upgraded to zsh 4.3.4 or later." + else + $as_echo "$0: Please tell bug-autoconf@gnu.org about your system, +$0: including any error possibly output before this +$0: message. Then install a modern shell, or manually run +$0: the script under such a shell if you do have one." + fi + exit 1 +fi +fi +fi +SHELL=${CONFIG_SHELL-/bin/sh} +export SHELL +# Unset more variables known to interfere with behavior of common tools. +CLICOLOR_FORCE= GREP_OPTIONS= +unset CLICOLOR_FORCE GREP_OPTIONS + +## --------------------- ## +## M4sh Shell Functions. ## +## --------------------- ## +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + + + as_lineno_1=$LINENO as_lineno_1a=$LINENO + as_lineno_2=$LINENO as_lineno_2a=$LINENO + eval 'test "x$as_lineno_1'$as_run'" != "x$as_lineno_2'$as_run'" && + test "x`expr $as_lineno_1'$as_run' + 1`" = "x$as_lineno_2'$as_run'"' || { + # Blame Lee E. McMahon (1931-1989) for sed's syntax. :-) + sed -n ' + p + /[$]LINENO/= + ' <$as_myself | + sed ' + s/[$]LINENO.*/&-/ + t lineno + b + :lineno + N + :loop + s/[$]LINENO\([^'$as_cr_alnum'_].*\n\)\(.*\)/\2\1\2/ + t loop + s/-\n.*// + ' >$as_me.lineno && + chmod +x "$as_me.lineno" || + { $as_echo "$as_me: error: cannot create $as_me.lineno; rerun with a POSIX shell" >&2; as_fn_exit 1; } + + # If we had to re-execute with $CONFIG_SHELL, we're ensured to have + # already done that, so ensure we don't try to do so again and fall + # in an infinite loop. This has already happened in practice. + _as_can_reexec=no; export _as_can_reexec + # Don't try to exec as it changes $[0], causing all sort of problems + # (the dirname of $[0] is not the place where we might find the + # original and so on. Autoconf is especially sensitive to this). + . "./$as_me.lineno" + # Exit status is that of the last command. + exit +} + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + +SHELL=${CONFIG_SHELL-/bin/sh} + + +test -n "$DJDIR" || exec 7<&0 &1 + +# Name of the host. +# hostname on some systems (SVR3.2, old GNU/Linux) returns a bogus exit status, +# so uname gets run too. +ac_hostname=`(hostname || uname -n) 2>/dev/null | sed 1q` + +# +# Initializations. +# +ac_default_prefix=/usr/local +ac_clean_files= +ac_config_libobj_dir=. +LIBOBJS= +cross_compiling=no +subdirs= +MFLAGS= +MAKEFLAGS= + +# Identity of this package. +PACKAGE_NAME='dnsdist' +PACKAGE_TARNAME='dnsdist' +PACKAGE_VERSION='1.7.3' +PACKAGE_STRING='dnsdist 1.7.3' +PACKAGE_BUGREPORT='' +PACKAGE_URL='' + +# Factoring default headers for most tests. +ac_includes_default="\ +#include +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_SYS_STAT_H +# include +#endif +#ifdef STDC_HEADERS +# include +# include +#else +# ifdef HAVE_STDLIB_H +# include +# endif +#endif +#ifdef HAVE_STRING_H +# if !defined STDC_HEADERS && defined HAVE_MEMORY_H +# include +# endif +# include +#endif +#ifdef HAVE_STRINGS_H +# include +#endif +#ifdef HAVE_INTTYPES_H +# include +#endif +#ifdef HAVE_STDINT_H +# include +#endif +#ifdef HAVE_UNISTD_H +# include +#endif" + +ac_func_list= +ac_subst_vars='am__EXEEXT_FALSE +am__EXEEXT_TRUE +LTLIBOBJS +LIBOBJS +PACKAGEVERSION +AM_CPPFLAGS +PROGRAM_LDFLAGS +HAVE_MANPAGES_FALSE +HAVE_MANPAGES_TRUE +HAVE_VENV_FALSE +HAVE_VENV_TRUE +pkgpyexecdir +pyexecdir +pkgpythondir +pythondir +PYTHON_PLATFORM +PYTHON_EXEC_PREFIX +PYTHON_PREFIX +PYTHON_VERSION +PYTHON +WARN_CFLAGS +SANITIZER_FLAGS +RELRO_LDFLAGS +PIE_LDFLAGS +PIE_CFLAGS +HAVE_CXX17 +LMDB_LIBS +LMDB_CFLAGS +CDB_LIBS +CDB_CFLAGS +HAVE_NGHTTP2_FALSE +HAVE_NGHTTP2_TRUE +NGHTTP2_LIBS +NGHTTP2_CFLAGS +HAVE_LIBH2OEVLOOP_FALSE +HAVE_LIBH2OEVLOOP_TRUE +LIBH2OEVLOOP_LIBS +LIBH2OEVLOOP_CFLAGS +GNUTLS_LIBS +GNUTLS_CFLAGS +LIBSSL_LIBS +LIBSSL_CFLAGS +HAVE_DNS_OVER_HTTPS_FALSE +HAVE_DNS_OVER_HTTPS_TRUE +HAVE_DNS_OVER_TLS_FALSE +HAVE_DNS_OVER_TLS_TRUE +HAVE_LIBCRYPTO_FALSE +HAVE_LIBCRYPTO_TRUE +LIBCRYPTO_LDFLAGS +LIBCRYPTO_LIBS +LIBCRYPTO_INCLUDES +HAVE_CDB_FALSE +HAVE_CDB_TRUE +HAVE_LMDB_FALSE +HAVE_LMDB_TRUE +HAVE_LIBSSL_FALSE +HAVE_LIBSSL_TRUE +HAVE_GNUTLS_FALSE +HAVE_GNUTLS_TRUE +HAVE_LUA_HPP_FALSE +HAVE_LUA_HPP_TRUE +LUA_FALSE +LUA_TRUE +LUA_LIBS +LUA_CFLAGS +IPCRYPT_LIBS +IPCRYPT_CFLAGS +YAHTTP_LIBS +YAHTTP_CFLAGS +service_group +service_user +HAVE_SYSTEMD_FALSE +HAVE_SYSTEMD_TRUE +HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_FALSE +HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_TRUE +HAVE_SYSTEMD_SYSTEM_CALL_FILTER_FALSE +HAVE_SYSTEMD_SYSTEM_CALL_FILTER_TRUE +HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_FALSE +HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_TRUE +HAVE_SYSTEMD_RESTRICT_SUIDSGID_FALSE +HAVE_SYSTEMD_RESTRICT_SUIDSGID_TRUE +HAVE_SYSTEMD_RESTRICT_REALTIME_FALSE +HAVE_SYSTEMD_RESTRICT_REALTIME_TRUE +HAVE_SYSTEMD_RESTRICT_NAMESPACES_FALSE +HAVE_SYSTEMD_RESTRICT_NAMESPACES_TRUE +HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_FALSE +HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_TRUE +HAVE_SYSTEMD_REMOVE_IPC_FALSE +HAVE_SYSTEMD_REMOVE_IPC_TRUE +HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_FALSE +HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_TRUE +HAVE_SYSTEMD_PROTECT_SYSTEM_FALSE +HAVE_SYSTEMD_PROTECT_SYSTEM_TRUE +HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_FALSE +HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_TRUE +HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_FALSE +HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_TRUE +HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_FALSE +HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_TRUE +HAVE_SYSTEMD_PROTECT_HOSTNAME_FALSE +HAVE_SYSTEMD_PROTECT_HOSTNAME_TRUE +HAVE_SYSTEMD_PROTECT_HOME_FALSE +HAVE_SYSTEMD_PROTECT_HOME_TRUE +HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_FALSE +HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_TRUE +HAVE_SYSTEMD_PROTECT_CLOCK_FALSE +HAVE_SYSTEMD_PROTECT_CLOCK_TRUE +HAVE_SYSTEMD_PRIVATE_USERS_FALSE +HAVE_SYSTEMD_PRIVATE_USERS_TRUE +HAVE_SYSTEMD_PRIVATE_TMP_FALSE +HAVE_SYSTEMD_PRIVATE_TMP_TRUE +HAVE_SYSTEMD_PRIVATE_MOUNTS_FALSE +HAVE_SYSTEMD_PRIVATE_MOUNTS_TRUE +HAVE_SYSTEMD_PRIVATE_DEVICES_FALSE +HAVE_SYSTEMD_PRIVATE_DEVICES_TRUE +HAVE_SYSTEMD_PERCENT_T_FALSE +HAVE_SYSTEMD_PERCENT_T_TRUE +HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_FALSE +HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_TRUE +HAVE_SYSTEMD_LOCK_PERSONALITY_FALSE +HAVE_SYSTEMD_LOCK_PERSONALITY_TRUE +HAVE_SYSTEMD_DYNAMIC_USER_FALSE +HAVE_SYSTEMD_DYNAMIC_USER_TRUE +SYSTEMCTL +SYSTEMD_LIBS +SYSTEMD_CFLAGS +SYSTEMD_MODULES_LOAD +SYSTEMD_DIR +systemd +HAVE_LIBCAP_FALSE +HAVE_LIBCAP_TRUE +LIBCAP_LIBS +LIBCAP_CFLAGS +HAVE_NET_SNMP_FALSE +HAVE_NET_SNMP_TRUE +NET_SNMP_LIBS +NET_SNMP_CFLAGS +HAVE_EBPF_FALSE +HAVE_EBPF_TRUE +DNSCRYPT_FALSE +DNSCRYPT_TRUE +HAVE_RE2_FALSE +HAVE_RE2_TRUE +RE2_LIBS +RE2_CFLAGS +BOOST_UNIT_TEST_FRAMEWORK_LIBS +BOOST_LDPATH +BOOST_UNIT_TEST_FRAMEWORK_LDPATH +BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS +UNIT_TESTS_FALSE +UNIT_TESTS_TRUE +BOOST_CPPFLAGS +DISTCHECK_CONFIGURE_FLAGS +BOOST_ROOT +DYNLINKFLAGS +THREADFLAGS +HAVE_SOLARIS_FALSE +HAVE_SOLARIS_TRUE +HAVE_DARWIN_FALSE +HAVE_DARWIN_TRUE +HAVE_LINUX_FALSE +HAVE_LINUX_TRUE +HAVE_OPENBSD_FALSE +HAVE_OPENBSD_TRUE +HAVE_FREEBSD_FALSE +HAVE_FREEBSD_TRUE +RT_LIBS +LIBEDIT_LIBS +LIBEDIT_CFLAGS +RAGEL +FSTRM_FALSE +FSTRM_TRUE +FSTRM_LIBS +FSTRM_CFLAGS +LIBSODIUM_FALSE +LIBSODIUM_TRUE +LIBSODIUM_LIBS +LIBSODIUM_CFLAGS +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG +CXXCPP +CPP +LT_SYS_LIBRARY_PATH +OTOOL64 +OTOOL +LIPO +NMEDIT +DSYMUTIL +MANIFEST_TOOL +RANLIB +ac_ct_AR +AR +DLLTOOL +OBJDUMP +LN_S +NM +ac_ct_DUMPBIN +DUMPBIN +LD +FGREP +EGREP +GREP +SED +host_os +host_vendor +host_cpu +host +build_os +build_vendor +build_cpu +build +LIBTOOL +am__fastdepCXX_FALSE +am__fastdepCXX_TRUE +CXXDEPMODE +ac_ct_CXX +CXXFLAGS +CXX +am__fastdepCC_FALSE +am__fastdepCC_TRUE +CCDEPMODE +am__nodep +AMDEPBACKSLASH +AMDEP_FALSE +AMDEP_TRUE +am__include +DEPDIR +OBJEXT +EXEEXT +ac_ct_CC +CPPFLAGS +LDFLAGS +CFLAGS +CC +AM_BACKSLASH +AM_DEFAULT_VERBOSITY +AM_DEFAULT_V +AM_V +am__untar +am__tar +AMTAR +am__leading_dot +SET_MAKE +AWK +mkdir_p +MKDIR_P +INSTALL_STRIP_PROGRAM +STRIP +install_sh +MAKEINFO +AUTOHEADER +AUTOMAKE +AUTOCONF +ACLOCAL +VERSION +PACKAGE +CYGPATH_W +am__isrc +INSTALL_DATA +INSTALL_SCRIPT +INSTALL_PROGRAM +target_alias +host_alias +build_alias +LIBS +ECHO_T +ECHO_N +ECHO_C +DEFS +mandir +localedir +libdir +psdir +pdfdir +dvidir +htmldir +infodir +docdir +oldincludedir +includedir +runstatedir +localstatedir +sharedstatedir +sysconfdir +datadir +datarootdir +libexecdir +sbindir +bindir +program_transform_name +prefix +exec_prefix +PACKAGE_URL +PACKAGE_BUGREPORT +PACKAGE_STRING +PACKAGE_VERSION +PACKAGE_TARNAME +PACKAGE_NAME +PATH_SEPARATOR +SHELL +am__quote' +ac_subst_files='' +ac_user_opts=' +enable_option_checking +enable_silent_rules +enable_dependency_tracking +enable_static +enable_shared +with_pic +enable_fast_install +with_aix_soname +with_gnu_ld +with_sysroot +enable_libtool_lock +with_libsodium +enable_dnstap +with_boost +enable_unit_tests +enable_static_boost +with_re2 +enable_dnscrypt +with_ebpf +with_net_snmp +with_libcap +enable_systemd +with_systemd +with_service_user +with_service_group +with_lua +with_libcrypto +enable_dns_over_tls +enable_dns_over_https +with_libssl +with_gnutls +with_nghttp2 +with_lmdb +enable_hardening +enable_asan +enable_msan +enable_tsan +enable_lsan +enable_ubsan +' + ac_precious_vars='build_alias +host_alias +target_alias +CC +CFLAGS +LDFLAGS +LIBS +CPPFLAGS +CXX +CXXFLAGS +CCC +LT_SYS_LIBRARY_PATH +CPP +CXXCPP +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR +LIBSODIUM_CFLAGS +LIBSODIUM_LIBS +FSTRM_CFLAGS +FSTRM_LIBS +LIBEDIT_CFLAGS +LIBEDIT_LIBS +BOOST_ROOT +RE2_CFLAGS +RE2_LIBS +LIBCAP_CFLAGS +LIBCAP_LIBS +SYSTEMD_CFLAGS +SYSTEMD_LIBS +LUA_CFLAGS +LUA_LIBS +LIBSSL_CFLAGS +LIBSSL_LIBS +GNUTLS_CFLAGS +GNUTLS_LIBS +LIBH2OEVLOOP_CFLAGS +LIBH2OEVLOOP_LIBS +NGHTTP2_CFLAGS +NGHTTP2_LIBS +CDB_CFLAGS +CDB_LIBS +LMDB_CFLAGS +LMDB_LIBS +PYTHON +PACKAGEVERSION' + + +# Initialize some variables set by options. +ac_init_help= +ac_init_version=false +ac_unrecognized_opts= +ac_unrecognized_sep= +# The variables have the same names as the options, with +# dashes changed to underlines. +cache_file=/dev/null +exec_prefix=NONE +no_create= +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +verbose= +x_includes=NONE +x_libraries=NONE + +# Installation directory options. +# These are left unexpanded so users can "make install exec_prefix=/foo" +# and all the variables that are supposed to be based on exec_prefix +# by default will actually change. +# Use braces instead of parens because sh, perl, etc. also accept them. +# (The list follows the same order as the GNU Coding Standards.) +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datarootdir='${prefix}/share' +datadir='${datarootdir}' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' +includedir='${prefix}/include' +oldincludedir='/usr/include' +docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' +infodir='${datarootdir}/info' +htmldir='${docdir}' +dvidir='${docdir}' +pdfdir='${docdir}' +psdir='${docdir}' +libdir='${exec_prefix}/lib' +localedir='${datarootdir}/locale' +mandir='${datarootdir}/man' + +ac_prev= +ac_dashdash= +for ac_option +do + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval $ac_prev=\$ac_option + ac_prev= + continue + fi + + case $ac_option in + *=?*) ac_optarg=`expr "X$ac_option" : '[^=]*=\(.*\)'` ;; + *=) ac_optarg= ;; + *) ac_optarg=yes ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case $ac_dashdash$ac_option in + --) + ac_dashdash=yes ;; + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir=$ac_optarg ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build_alias ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build_alias=$ac_optarg ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file=$ac_optarg ;; + + --config-cache | -C) + cache_file=config.cache ;; + + -datadir | --datadir | --datadi | --datad) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=*) + datadir=$ac_optarg ;; + + -datarootdir | --datarootdir | --datarootdi | --datarootd | --dataroot \ + | --dataroo | --dataro | --datar) + ac_prev=datarootdir ;; + -datarootdir=* | --datarootdir=* | --datarootdi=* | --datarootd=* \ + | --dataroot=* | --dataroo=* | --dataro=* | --datar=*) + datarootdir=$ac_optarg ;; + + -disable-* | --disable-*) + ac_useropt=`expr "x$ac_option" : 'x-*disable-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--disable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=no ;; + + -docdir | --docdir | --docdi | --doc | --do) + ac_prev=docdir ;; + -docdir=* | --docdir=* | --docdi=* | --doc=* | --do=*) + docdir=$ac_optarg ;; + + -dvidir | --dvidir | --dvidi | --dvid | --dvi | --dv) + ac_prev=dvidir ;; + -dvidir=* | --dvidir=* | --dvidi=* | --dvid=* | --dvi=* | --dv=*) + dvidir=$ac_optarg ;; + + -enable-* | --enable-*) + ac_useropt=`expr "x$ac_option" : 'x-*enable-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid feature name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"enable_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--enable-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval enable_$ac_useropt=\$ac_optarg ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix=$ac_optarg ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he | -h) + ac_init_help=long ;; + -help=r* | --help=r* | --hel=r* | --he=r* | -hr*) + ac_init_help=recursive ;; + -help=s* | --help=s* | --hel=s* | --he=s* | -hs*) + ac_init_help=short ;; + + -host | --host | --hos | --ho) + ac_prev=host_alias ;; + -host=* | --host=* | --hos=* | --ho=*) + host_alias=$ac_optarg ;; + + -htmldir | --htmldir | --htmldi | --htmld | --html | --htm | --ht) + ac_prev=htmldir ;; + -htmldir=* | --htmldir=* | --htmldi=* | --htmld=* | --html=* | --htm=* \ + | --ht=*) + htmldir=$ac_optarg ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir=$ac_optarg ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir=$ac_optarg ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir=$ac_optarg ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir=$ac_optarg ;; + + -localedir | --localedir | --localedi | --localed | --locale) + ac_prev=localedir ;; + -localedir=* | --localedir=* | --localedi=* | --localed=* | --locale=*) + localedir=$ac_optarg ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst | --locals) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* | --locals=*) + localstatedir=$ac_optarg ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir=$ac_optarg ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c | -n) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir=$ac_optarg ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix=$ac_optarg ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix=$ac_optarg ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix=$ac_optarg ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name=$ac_optarg ;; + + -pdfdir | --pdfdir | --pdfdi | --pdfd | --pdf | --pd) + ac_prev=pdfdir ;; + -pdfdir=* | --pdfdir=* | --pdfdi=* | --pdfd=* | --pdf=* | --pd=*) + pdfdir=$ac_optarg ;; + + -psdir | --psdir | --psdi | --psd | --ps) + ac_prev=psdir ;; + -psdir=* | --psdir=* | --psdi=* | --psd=* | --ps=*) + psdir=$ac_optarg ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir=$ac_optarg ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir=$ac_optarg ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site=$ac_optarg ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir=$ac_optarg ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir=$ac_optarg ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target_alias ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target_alias=$ac_optarg ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers | -V) + ac_init_version=: ;; + + -with-* | --with-*) + ac_useropt=`expr "x$ac_option" : 'x-*with-\([^=]*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--with-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=\$ac_optarg ;; + + -without-* | --without-*) + ac_useropt=`expr "x$ac_option" : 'x-*without-\(.*\)'` + # Reject names that are not valid shell variable names. + expr "x$ac_useropt" : ".*[^-+._$as_cr_alnum]" >/dev/null && + as_fn_error $? "invalid package name: $ac_useropt" + ac_useropt_orig=$ac_useropt + ac_useropt=`$as_echo "$ac_useropt" | sed 's/[-+.]/_/g'` + case $ac_user_opts in + *" +"with_$ac_useropt" +"*) ;; + *) ac_unrecognized_opts="$ac_unrecognized_opts$ac_unrecognized_sep--without-$ac_useropt_orig" + ac_unrecognized_sep=', ';; + esac + eval with_$ac_useropt=no ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes=$ac_optarg ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries=$ac_optarg ;; + + -*) as_fn_error $? "unrecognized option: \`$ac_option' +Try \`$0 --help' for more information" + ;; + + *=*) + ac_envvar=`expr "x$ac_option" : 'x\([^=]*\)='` + # Reject names that are not valid shell variable names. + case $ac_envvar in #( + '' | [0-9]* | *[!_$as_cr_alnum]* ) + as_fn_error $? "invalid variable name: \`$ac_envvar'" ;; + esac + eval $ac_envvar=\$ac_optarg + export $ac_envvar ;; + + *) + # FIXME: should be removed in autoconf 3.0. + $as_echo "$as_me: WARNING: you should use --build, --host, --target" >&2 + expr "x$ac_option" : ".*[^-._$as_cr_alnum]" >/dev/null && + $as_echo "$as_me: WARNING: invalid host type: $ac_option" >&2 + : "${build_alias=$ac_option} ${host_alias=$ac_option} ${target_alias=$ac_option}" + ;; + + esac +done + +if test -n "$ac_prev"; then + ac_option=--`echo $ac_prev | sed 's/_/-/g'` + as_fn_error $? "missing argument to $ac_option" +fi + +if test -n "$ac_unrecognized_opts"; then + case $enable_option_checking in + no) ;; + fatal) as_fn_error $? "unrecognized options: $ac_unrecognized_opts" ;; + *) $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2 ;; + esac +fi + +# Check all directory arguments for consistency. +for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ + datadir sysconfdir sharedstatedir localstatedir includedir \ + oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ + libdir localedir mandir runstatedir +do + eval ac_val=\$$ac_var + # Remove trailing slashes. + case $ac_val in + */ ) + ac_val=`expr "X$ac_val" : 'X\(.*[^/]\)' \| "X$ac_val" : 'X\(.*\)'` + eval $ac_var=\$ac_val;; + esac + # Be sure to have absolute directory names. + case $ac_val in + [\\/$]* | ?:[\\/]* ) continue;; + NONE | '' ) case $ac_var in *prefix ) continue;; esac;; + esac + as_fn_error $? "expected an absolute directory name for --$ac_var: $ac_val" +done + +# There might be people who depend on the old broken behavior: `$host' +# used to hold the argument of --host etc. +# FIXME: To remove some day. +build=$build_alias +host=$host_alias +target=$target_alias + +# FIXME: To remove some day. +if test "x$host_alias" != x; then + if test "x$build_alias" = x; then + cross_compiling=maybe + elif test "x$build_alias" != "x$host_alias"; then + cross_compiling=yes + fi +fi + +ac_tool_prefix= +test -n "$host_alias" && ac_tool_prefix=$host_alias- + +test "$silent" = yes && exec 6>/dev/null + + +ac_pwd=`pwd` && test -n "$ac_pwd" && +ac_ls_di=`ls -di .` && +ac_pwd_ls_di=`cd "$ac_pwd" && ls -di .` || + as_fn_error $? "working directory cannot be determined" +test "X$ac_ls_di" = "X$ac_pwd_ls_di" || + as_fn_error $? "pwd does not report name of working directory" + + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then the parent directory. + ac_confdir=`$as_dirname -- "$as_myself" || +$as_expr X"$as_myself" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_myself" : 'X\(//\)[^/]' \| \ + X"$as_myself" : 'X\(//\)$' \| \ + X"$as_myself" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_myself" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + srcdir=$ac_confdir + if test ! -r "$srcdir/$ac_unique_file"; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r "$srcdir/$ac_unique_file"; then + test "$ac_srcdir_defaulted" = yes && srcdir="$ac_confdir or .." + as_fn_error $? "cannot find sources ($ac_unique_file) in $srcdir" +fi +ac_msg="sources are in $srcdir, but \`cd $srcdir' does not work" +ac_abs_confdir=`( + cd "$srcdir" && test -r "./$ac_unique_file" || as_fn_error $? "$ac_msg" + pwd)` +# When building in place, set srcdir=. +if test "$ac_abs_confdir" = "$ac_pwd"; then + srcdir=. +fi +# Remove unnecessary trailing slashes from srcdir. +# Double slashes in file names in object file debugging info +# mess up M-x gdb in Emacs. +case $srcdir in +*/) srcdir=`expr "X$srcdir" : 'X\(.*[^/]\)' \| "X$srcdir" : 'X\(.*\)'`;; +esac +for ac_var in $ac_precious_vars; do + eval ac_env_${ac_var}_set=\${${ac_var}+set} + eval ac_env_${ac_var}_value=\$${ac_var} + eval ac_cv_env_${ac_var}_set=\${${ac_var}+set} + eval ac_cv_env_${ac_var}_value=\$${ac_var} +done + +# +# Report the --help message. +# +if test "$ac_init_help" = "long"; then + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat <<_ACEOF +\`configure' configures dnsdist 1.7.3 to adapt to many kinds of systems. + +Usage: $0 [OPTION]... [VAR=VALUE]... + +To assign environment variables (e.g., CC, CFLAGS...), specify them as +VAR=VALUE. See below for descriptions of some of the useful variables. + +Defaults for the options are specified in brackets. + +Configuration: + -h, --help display this help and exit + --help=short display options specific to this package + --help=recursive display the short help of all the included packages + -V, --version display version information and exit + -q, --quiet, --silent do not print \`checking ...' messages + --cache-file=FILE cache test results in FILE [disabled] + -C, --config-cache alias for \`--cache-file=config.cache' + -n, --no-create do not create output files + --srcdir=DIR find the sources in DIR [configure dir or \`..'] + +Installation directories: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [PREFIX] + +By default, \`make install' will install all the files in +\`$ac_default_prefix/bin', \`$ac_default_prefix/lib' etc. You can specify +an installation prefix other than \`$ac_default_prefix' using \`--prefix', +for instance \`--prefix=\$HOME'. + +For better control, use the options below. + +Fine tuning of the installation directories: + --bindir=DIR user executables [EPREFIX/bin] + --sbindir=DIR system admin executables [EPREFIX/sbin] + --libexecdir=DIR program executables [EPREFIX/libexec] + --sysconfdir=DIR read-only single-machine data [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] + --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] + --libdir=DIR object code libraries [EPREFIX/lib] + --includedir=DIR C header files [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc [/usr/include] + --datarootdir=DIR read-only arch.-independent data root [PREFIX/share] + --datadir=DIR read-only architecture-independent data [DATAROOTDIR] + --infodir=DIR info documentation [DATAROOTDIR/info] + --localedir=DIR locale-dependent data [DATAROOTDIR/locale] + --mandir=DIR man documentation [DATAROOTDIR/man] + --docdir=DIR documentation root [DATAROOTDIR/doc/dnsdist] + --htmldir=DIR html documentation [DOCDIR] + --dvidir=DIR dvi documentation [DOCDIR] + --pdfdir=DIR pdf documentation [DOCDIR] + --psdir=DIR ps documentation [DOCDIR] +_ACEOF + + cat <<\_ACEOF + +Program names: + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM run sed PROGRAM on installed program names + +System types: + --build=BUILD configure for building on BUILD [guessed] + --host=HOST cross-compile to build programs to run on HOST [BUILD] +_ACEOF +fi + +if test -n "$ac_init_help"; then + case $ac_init_help in + short | recursive ) echo "Configuration of dnsdist 1.7.3:";; + esac + cat <<\_ACEOF + +Optional Features: + --disable-option-checking ignore unrecognized --enable/--with options + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --enable-silent-rules less verbose build output (undo: "make V=1") + --disable-silent-rules verbose build output (undo: "make V=0") + --enable-dependency-tracking + do not reject slow dependency extractors + --disable-dependency-tracking + speeds up one-time build + --enable-static[=PKGS] build static libraries [default=no] + --enable-shared[=PKGS] build shared libraries [default=yes] + --enable-fast-install[=PKGS] + optimize for fast installation [default=yes] + --disable-libtool-lock avoid locking (might break parallel builds) + --enable-dnstap enable dnstap support [default=auto] + --enable-unit-tests enable unit test building [default=no] + --enable-static-boost Prefer the static boost libraries over the shared + ones [no] + --enable-dnscrypt enable DNSCrypt support (requires libsodium) + [default=no] + --enable-systemd Enable systemd support (default is DISABLED, but + will be enabled when libraries are found) + --enable-dns-over-tls enable DNS over TLS support (requires GnuTLS or + OpenSSL) [default=no] + --enable-dns-over-https enable incoming DNS over HTTPS (DoH) support + (requires libh2o) [default=no] + --disable-hardening disable compiler security checks [default=no] + --enable-asan enable AddressSanitizer [default=no] + --enable-msan enable MemorySanitizer [default=no] + --enable-tsan enable ThreadSanitizer [default=no] + --enable-lsan enable LeakSanitizer [default=no] + --enable-ubsan enable Undefined Behaviour Sanitizer [default=no] + +Optional Packages: + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --with-pic[=PKGS] try to use only PIC/non-PIC objects [default=use + both] + --with-aix-soname=aix|svr4|both + shared library versioning (aka "SONAME") variant to + provide on AIX, [default=aix]. + --with-gnu-ld assume the C compiler uses GNU ld [default=no] + --with-sysroot[=DIR] Search for dependent libraries within DIR (or the + compiler's sysroot if not specified). + --with-libsodium use libsodium [default=auto] + --with-boost=DIR prefix of Boost 1.42 [guess] + --with-re2 with libre2 [default=no] + --with-ebpf enable eBPF support [default=auto] + --with-net-snmp enable net snmp support [default=auto] + --with-libcap use libcap [default=auto] + --with-systemd set directory for systemd service files + --with-systemd-modules-load set directory for systemd modules load files + --with-service-user User to use by service when running the service + [default=dnsdist]. Only the setuid setting and User + in the systemd unit file are affected, the user is + not created. + --with-service-group Group to use by service when running the service + [default=dnsdist]. Only the setgid setting and Group + in the systemd unit file are affected, the group is + not created. + --with-lua select Lua implementation [default=auto] + + --with-libcrypto=DIR root of the OpenSSL directory + --with-libssl use OpenSSL libssl [default=auto] + --with-gnutls use GnuTLS [default=auto] + --with-nghttp2 use nghttp2 [default=auto] + --with-lmdb lmdb library to use [default=auto] + +Some influential environment variables: + CC C compiler command + CFLAGS C compiler flags + LDFLAGS linker flags, e.g. -L if you have libraries in a + nonstandard directory + LIBS libraries to pass to the linker, e.g. -l + CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if + you have headers in a nonstandard directory + CXX C++ compiler command + CXXFLAGS C++ compiler flags + LT_SYS_LIBRARY_PATH + User-defined run-time library search path. + CPP C preprocessor + CXXCPP C++ preprocessor + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path + LIBSODIUM_CFLAGS + C compiler flags for LIBSODIUM, overriding pkg-config + LIBSODIUM_LIBS + linker flags for LIBSODIUM, overriding pkg-config + FSTRM_CFLAGS + C compiler flags for FSTRM, overriding pkg-config + FSTRM_LIBS linker flags for FSTRM, overriding pkg-config + LIBEDIT_CFLAGS + C compiler flags for LIBEDIT, overriding pkg-config + LIBEDIT_LIBS + linker flags for LIBEDIT, overriding pkg-config + BOOST_ROOT Location of Boost installation + RE2_CFLAGS C compiler flags for RE2, overriding pkg-config + RE2_LIBS linker flags for RE2, overriding pkg-config + LIBCAP_CFLAGS + C compiler flags for LIBCAP, overriding pkg-config + LIBCAP_LIBS linker flags for LIBCAP, overriding pkg-config + SYSTEMD_CFLAGS + C compiler flags for SYSTEMD, overriding pkg-config + SYSTEMD_LIBS + linker flags for SYSTEMD, overriding pkg-config + LUA_CFLAGS C compiler flags for LUA, overriding pkg-config + LUA_LIBS linker flags for LUA, overriding pkg-config + LIBSSL_CFLAGS + C compiler flags for LIBSSL, overriding pkg-config + LIBSSL_LIBS linker flags for LIBSSL, overriding pkg-config + GNUTLS_CFLAGS + C compiler flags for GNUTLS, overriding pkg-config + GNUTLS_LIBS linker flags for GNUTLS, overriding pkg-config + LIBH2OEVLOOP_CFLAGS + C compiler flags for LIBH2OEVLOOP, overriding pkg-config + LIBH2OEVLOOP_LIBS + linker flags for LIBH2OEVLOOP, overriding pkg-config + NGHTTP2_CFLAGS + C compiler flags for NGHTTP2, overriding pkg-config + NGHTTP2_LIBS + linker flags for NGHTTP2, overriding pkg-config + CDB_CFLAGS C compiler flags for CDB, overriding pkg-config + CDB_LIBS linker flags for CDB, overriding pkg-config + LMDB_CFLAGS C compiler flags for LMDB, overriding pkg-config + LMDB_LIBS linker flags for LMDB, overriding pkg-config + PYTHON the Python interpreter + PACKAGEVERSION + The version used in secpoll queries + +Use these variables to override the choices made by `configure' or to help +it to find libraries and programs with nonstandard names/locations. + +Report bugs to the package provider. +_ACEOF +ac_status=$? +fi + +if test "$ac_init_help" = "recursive"; then + # If there are subdirs, report their specific --help. + for ac_dir in : $ac_subdirs_all; do test "x$ac_dir" = x: && continue + test -d "$ac_dir" || + { cd "$srcdir" && ac_pwd=`pwd` && srcdir=. && test -d "$ac_dir"; } || + continue + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + cd "$ac_dir" || { ac_status=$?; continue; } + # Check for guested configure. + if test -f "$ac_srcdir/configure.gnu"; then + echo && + $SHELL "$ac_srcdir/configure.gnu" --help=recursive + elif test -f "$ac_srcdir/configure"; then + echo && + $SHELL "$ac_srcdir/configure" --help=recursive + else + $as_echo "$as_me: WARNING: no configuration information is in $ac_dir" >&2 + fi || ac_status=$? + cd "$ac_pwd" || { ac_status=$?; break; } + done +fi + +test -n "$ac_init_help" && exit $ac_status +if $ac_init_version; then + cat <<\_ACEOF +dnsdist configure 1.7.3 +generated by GNU Autoconf 2.69 + +Copyright (C) 2012 Free Software Foundation, Inc. +This configure script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it. +_ACEOF + exit +fi + +## ------------------------ ## +## Autoconf initialization. ## +## ------------------------ ## + +# ac_fn_c_try_compile LINENO +# -------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_compile + +# ac_fn_cxx_try_compile LINENO +# ---------------------------- +# Try to compile conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext + if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest.$ac_objext; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_compile + +# ac_fn_c_try_link LINENO +# ----------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_c_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_link + +# ac_fn_c_check_header_compile LINENO HEADER VAR INCLUDES +# ------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_c_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_header_compile + +# ac_fn_c_try_cpp LINENO +# ---------------------- +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_c_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_c_preproc_warn_flag$ac_c_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_cpp + +# ac_fn_c_try_run LINENO +# ---------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. Assumes +# that executables *can* be run. +ac_fn_c_try_run () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { ac_try='./conftest$ac_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then : + ac_retval=0 +else + $as_echo "$as_me: program exited with status $ac_status" >&5 + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=$ac_status +fi + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_try_run + +# ac_fn_c_check_func LINENO FUNC VAR +# ---------------------------------- +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_c_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_func + +# ac_fn_cxx_try_cpp LINENO +# ------------------------ +# Try to preprocess conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_cpp () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if { { ac_try="$ac_cpp conftest.$ac_ext" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_cpp conftest.$ac_ext") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } > conftest.i && { + test -z "$ac_cxx_preproc_warn_flag$ac_cxx_werror_flag" || + test ! -s conftest.err + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_cpp + +# ac_fn_cxx_try_link LINENO +# ------------------------- +# Try to link conftest.$ac_ext, and return whether this succeeded. +ac_fn_cxx_try_link () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + rm -f conftest.$ac_objext conftest$ac_exeext + if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + test -x conftest$ac_exeext + }; then : + ac_retval=0 +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + ac_retval=1 +fi + # Delete the IPA/IPO (Inter Procedural Analysis/Optimization) information + # created by the PGI compiler (conftest_ipa8_conftest.oo), as it would + # interfere with the next link command; also delete a directory that is + # left behind by Apple's compiler. We do this before executing the actions. + rm -rf conftest.dSYM conftest_ipa8_conftest.oo + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_cxx_try_link + +# ac_fn_cxx_check_func LINENO FUNC VAR +# ------------------------------------ +# Tests whether FUNC exists, setting the cache variable VAR accordingly +ac_fn_cxx_check_func () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +/* Define $2 to an innocuous variant, in case declares $2. + For example, HP-UX 11i declares gettimeofday. */ +#define $2 innocuous_$2 + +/* System header to define __stub macros and hopefully few prototypes, + which can conflict with char $2 (); below. + Prefer to if __STDC__ is defined, since + exists even on freestanding compilers. */ + +#ifdef __STDC__ +# include +#else +# include +#endif + +#undef $2 + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char $2 (); +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined __stub_$2 || defined __stub___$2 +choke me +#endif + +int +main () +{ +return $2 (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_func + +# ac_fn_cxx_check_header_compile LINENO HEADER VAR INCLUDES +# --------------------------------------------------------- +# Tests whether HEADER exists and can be compiled using the include files in +# INCLUDES, setting the cache variable VAR accordingly. +ac_fn_cxx_check_header_compile () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_header_compile + +# ac_fn_cxx_check_header_mongrel LINENO HEADER VAR INCLUDES +# --------------------------------------------------------- +# Tests whether HEADER exists, giving a warning if it cannot be compiled using +# the include files in INCLUDES and setting the cache variable VAR +# accordingly. +ac_fn_cxx_check_header_mongrel () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if eval \${$3+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +else + # Is the header compilable? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 usability" >&5 +$as_echo_n "checking $2 usability... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +#include <$2> +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_header_compiler=yes +else + ac_header_compiler=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_compiler" >&5 +$as_echo "$ac_header_compiler" >&6; } + +# Is the header present? +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking $2 presence" >&5 +$as_echo_n "checking $2 presence... " >&6; } +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include <$2> +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + ac_header_preproc=yes +else + ac_header_preproc=no +fi +rm -f conftest.err conftest.i conftest.$ac_ext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_header_preproc" >&5 +$as_echo "$ac_header_preproc" >&6; } + +# So? What about this header? +case $ac_header_compiler:$ac_header_preproc:$ac_cxx_preproc_warn_flag in #(( + yes:no: ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&5 +$as_echo "$as_me: WARNING: $2: accepted by the compiler, rejected by the preprocessor!" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; + no:yes:* ) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: present but cannot be compiled" >&5 +$as_echo "$as_me: WARNING: $2: present but cannot be compiled" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: check for missing prerequisite headers?" >&5 +$as_echo "$as_me: WARNING: $2: check for missing prerequisite headers?" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: see the Autoconf documentation" >&5 +$as_echo "$as_me: WARNING: $2: see the Autoconf documentation" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&5 +$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5 +$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;} + ;; +esac + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2" >&5 +$as_echo_n "checking for $2... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + eval "$3=\$ac_header_compiler" +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_header_mongrel + +# ac_fn_cxx_check_decl LINENO SYMBOL VAR INCLUDES +# ----------------------------------------------- +# Tests whether SYMBOL is declared in INCLUDES, setting cache variable VAR +# accordingly. +ac_fn_cxx_check_decl () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + as_decl_name=`echo $2|sed 's/ *(.*//'` + as_decl_use=`echo $2|sed -e 's/(/((/' -e 's/)/) 0&/' -e 's/,/) 0& (/g'` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $as_decl_name is declared" >&5 +$as_echo_n "checking whether $as_decl_name is declared... " >&6; } +if eval \${$3+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +#ifndef $as_decl_name +#ifdef __cplusplus + (void) $as_decl_use; +#else + (void) $as_decl_name; +#endif +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + eval "$3=yes" +else + eval "$3=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$3 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_cxx_check_decl +cat >config.log <<_ACEOF +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. + +It was created by dnsdist $as_me 1.7.3, which was +generated by GNU Autoconf 2.69. Invocation command line was + + $ $0 $@ + +_ACEOF +exec 5>>config.log +{ +cat <<_ASUNAME +## --------- ## +## Platform. ## +## --------- ## + +hostname = `(hostname || uname -n) 2>/dev/null | sed 1q` +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null || echo unknown` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null || echo unknown` + +/bin/arch = `(/bin/arch) 2>/dev/null || echo unknown` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null || echo unknown` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null || echo unknown` +/usr/bin/hostinfo = `(/usr/bin/hostinfo) 2>/dev/null || echo unknown` +/bin/machine = `(/bin/machine) 2>/dev/null || echo unknown` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null || echo unknown` +/bin/universe = `(/bin/universe) 2>/dev/null || echo unknown` + +_ASUNAME + +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + $as_echo "PATH: $as_dir" + done +IFS=$as_save_IFS + +} >&5 + +cat >&5 <<_ACEOF + + +## ----------- ## +## Core tests. ## +## ----------- ## + +_ACEOF + + +# Keep a trace of the command line. +# Strip out --no-create and --no-recursion so they do not pile up. +# Strip out --silent because we don't want to record it for future runs. +# Also quote any args containing shell meta-characters. +# Make two passes to allow for proper duplicate-argument suppression. +ac_configure_args= +ac_configure_args0= +ac_configure_args1= +ac_must_keep_next=false +for ac_pass in 1 2 +do + for ac_arg + do + case $ac_arg in + -no-create | --no-c* | -n | -no-recursion | --no-r*) continue ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + continue ;; + *\'*) + ac_arg=`$as_echo "$ac_arg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + case $ac_pass in + 1) as_fn_append ac_configure_args0 " '$ac_arg'" ;; + 2) + as_fn_append ac_configure_args1 " '$ac_arg'" + if test $ac_must_keep_next = true; then + ac_must_keep_next=false # Got value, back to normal. + else + case $ac_arg in + *=* | --config-cache | -C | -disable-* | --disable-* \ + | -enable-* | --enable-* | -gas | --g* | -nfp | --nf* \ + | -q | -quiet | --q* | -silent | --sil* | -v | -verb* \ + | -with-* | --with-* | -without-* | --without-* | --x) + case "$ac_configure_args0 " in + "$ac_configure_args1"*" '$ac_arg' "* ) continue ;; + esac + ;; + -* ) ac_must_keep_next=true ;; + esac + fi + as_fn_append ac_configure_args " '$ac_arg'" + ;; + esac + done +done +{ ac_configure_args0=; unset ac_configure_args0;} +{ ac_configure_args1=; unset ac_configure_args1;} + +# When interrupted or exit'd, cleanup temporary files, and complete +# config.log. We remove comments because anyway the quotes in there +# would cause problems or look ugly. +# WARNING: Use '\'' to represent an apostrophe within the trap. +# WARNING: Do not start the trap code with a newline, due to a FreeBSD 4.0 bug. +trap 'exit_status=$? + # Save into config.log some information that might help in debugging. + { + echo + + $as_echo "## ---------------- ## +## Cache variables. ## +## ---------------- ##" + echo + # The following way of writing the cache mishandles newlines in values, +( + for ac_var in `(set) 2>&1 | sed -n '\''s/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'\''`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + (set) 2>&1 | + case $as_nl`(ac_space='\'' '\''; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + sed -n \ + "s/'\''/'\''\\\\'\'''\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\''\\2'\''/p" + ;; #( + *) + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) + echo + + $as_echo "## ----------------- ## +## Output variables. ## +## ----------------- ##" + echo + for ac_var in $ac_subst_vars + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + + if test -n "$ac_subst_files"; then + $as_echo "## ------------------- ## +## File substitutions. ## +## ------------------- ##" + echo + for ac_var in $ac_subst_files + do + eval ac_val=\$$ac_var + case $ac_val in + *\'\''*) ac_val=`$as_echo "$ac_val" | sed "s/'\''/'\''\\\\\\\\'\'''\''/g"`;; + esac + $as_echo "$ac_var='\''$ac_val'\''" + done | sort + echo + fi + + if test -s confdefs.h; then + $as_echo "## ----------- ## +## confdefs.h. ## +## ----------- ##" + echo + cat confdefs.h + echo + fi + test "$ac_signal" != 0 && + $as_echo "$as_me: caught signal $ac_signal" + $as_echo "$as_me: exit $exit_status" + } >&5 + rm -f core *.core core.conftest.* && + rm -f -r conftest* confdefs* conf$$* $ac_clean_files && + exit $exit_status +' 0 +for ac_signal in 1 2 13 15; do + trap 'ac_signal='$ac_signal'; as_fn_exit 1' $ac_signal +done +ac_signal=0 + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -f -r conftest* confdefs.h + +$as_echo "/* confdefs.h */" > confdefs.h + +# Predefined preprocessor variables. + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_NAME "$PACKAGE_NAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_TARNAME "$PACKAGE_TARNAME" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_VERSION "$PACKAGE_VERSION" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_STRING "$PACKAGE_STRING" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_BUGREPORT "$PACKAGE_BUGREPORT" +_ACEOF + +cat >>confdefs.h <<_ACEOF +#define PACKAGE_URL "$PACKAGE_URL" +_ACEOF + + +# Let the site file select an alternate cache file if it wants to. +# Prefer an explicitly selected file to automatically selected ones. +ac_site_file1=NONE +ac_site_file2=NONE +if test -n "$CONFIG_SITE"; then + # We do not want a PATH search for config.site. + case $CONFIG_SITE in #(( + -*) ac_site_file1=./$CONFIG_SITE;; + */*) ac_site_file1=$CONFIG_SITE;; + *) ac_site_file1=./$CONFIG_SITE;; + esac +elif test "x$prefix" != xNONE; then + ac_site_file1=$prefix/share/config.site + ac_site_file2=$prefix/etc/config.site +else + ac_site_file1=$ac_default_prefix/share/config.site + ac_site_file2=$ac_default_prefix/etc/config.site +fi +for ac_site_file in "$ac_site_file1" "$ac_site_file2" +do + test "x$ac_site_file" = xNONE && continue + if test /dev/null != "$ac_site_file" && test -r "$ac_site_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading site script $ac_site_file" >&5 +$as_echo "$as_me: loading site script $ac_site_file" >&6;} + sed 's/^/| /' "$ac_site_file" >&5 + . "$ac_site_file" \ + || { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "failed to load site script $ac_site_file +See \`config.log' for more details" "$LINENO" 5; } + fi +done + +if test -r "$cache_file"; then + # Some versions of bash will fail to source /dev/null (special files + # actually), so we avoid doing that. DJGPP emulates it as a regular file. + if test /dev/null != "$cache_file" && test -f "$cache_file"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: loading cache $cache_file" >&5 +$as_echo "$as_me: loading cache $cache_file" >&6;} + case $cache_file in + [\\/]* | ?:[\\/]* ) . "$cache_file";; + *) . "./$cache_file";; + esac + fi +else + { $as_echo "$as_me:${as_lineno-$LINENO}: creating cache $cache_file" >&5 +$as_echo "$as_me: creating cache $cache_file" >&6;} + >$cache_file +fi + +as_fn_append ac_func_list " localtime_r" +as_fn_append ac_func_list " gmtime_r" +# Check that the precious variables saved in the cache have kept the same +# value. +ac_cache_corrupted=false +for ac_var in $ac_precious_vars; do + eval ac_old_set=\$ac_cv_env_${ac_var}_set + eval ac_new_set=\$ac_env_${ac_var}_set + eval ac_old_val=\$ac_cv_env_${ac_var}_value + eval ac_new_val=\$ac_env_${ac_var}_value + case $ac_old_set,$ac_new_set in + set,) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was set to \`$ac_old_val' in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,set) + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' was not set in the previous run" >&5 +$as_echo "$as_me: error: \`$ac_var' was not set in the previous run" >&2;} + ac_cache_corrupted=: ;; + ,);; + *) + if test "x$ac_old_val" != "x$ac_new_val"; then + # differences in whitespace do not lead to failure. + ac_old_val_w=`echo x $ac_old_val` + ac_new_val_w=`echo x $ac_new_val` + if test "$ac_old_val_w" != "$ac_new_val_w"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: \`$ac_var' has changed since the previous run:" >&5 +$as_echo "$as_me: error: \`$ac_var' has changed since the previous run:" >&2;} + ac_cache_corrupted=: + else + { $as_echo "$as_me:${as_lineno-$LINENO}: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&5 +$as_echo "$as_me: warning: ignoring whitespace changes in \`$ac_var' since the previous run:" >&2;} + eval $ac_var=\$ac_old_val + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: former value: \`$ac_old_val'" >&5 +$as_echo "$as_me: former value: \`$ac_old_val'" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: current value: \`$ac_new_val'" >&5 +$as_echo "$as_me: current value: \`$ac_new_val'" >&2;} + fi;; + esac + # Pass precious variables to config.status. + if test "$ac_new_set" = set; then + case $ac_new_val in + *\'*) ac_arg=$ac_var=`$as_echo "$ac_new_val" | sed "s/'/'\\\\\\\\''/g"` ;; + *) ac_arg=$ac_var=$ac_new_val ;; + esac + case " $ac_configure_args " in + *" '$ac_arg' "*) ;; # Avoid dups. Use of quotes ensures accuracy. + *) as_fn_append ac_configure_args " '$ac_arg'" ;; + esac + fi +done +if $ac_cache_corrupted; then + { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} + { $as_echo "$as_me:${as_lineno-$LINENO}: error: changes in the environment can compromise the build" >&5 +$as_echo "$as_me: error: changes in the environment can compromise the build" >&2;} + as_fn_error $? "run \`make distclean' and/or \`rm $cache_file' and start over" "$LINENO" 5 +fi +## -------------------- ## +## Main body of script. ## +## -------------------- ## + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +am__api_version='1.16' + +ac_aux_dir= +for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do + if test -f "$ac_dir/install-sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f "$ac_dir/install.sh"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + elif test -f "$ac_dir/shtool"; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/shtool install -c" + break + fi +done +if test -z "$ac_aux_dir"; then + as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5 +fi + +# These three variables are undocumented and unsupported, +# and are intended to be withdrawn in a future Autoconf release. +# They can cause serious problems if a builder's source tree is in a directory +# whose full name contains unusual characters. +ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var. +ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var. +ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var. + + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AmigaOS /C/install, which installs bootblocks on floppy discs +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# OS/2's system install, which has a completely different semantic +# ./install, which can be erroneously created by make from ./install.sh. +# Reject install programs that cannot install multiple files. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a BSD-compatible install" >&5 +$as_echo_n "checking for a BSD-compatible install... " >&6; } +if test -z "$INSTALL"; then +if ${ac_cv_path_install+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + # Account for people who put trailing slashes in PATH elements. +case $as_dir/ in #(( + ./ | .// | /[cC]/* | \ + /etc/* | /usr/sbin/* | /usr/etc/* | /sbin/* | /usr/afsws/bin/* | \ + ?:[\\/]os2[\\/]install[\\/]* | ?:[\\/]OS2[\\/]INSTALL[\\/]* | \ + /usr/ucb/* ) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext"; then + if test $ac_prog = install && + grep dspmsg "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + elif test $ac_prog = install && + grep pwplus "$as_dir/$ac_prog$ac_exec_ext" >/dev/null 2>&1; then + # program-specific install script used by HP pwplus--don't use. + : + else + rm -rf conftest.one conftest.two conftest.dir + echo one > conftest.one + echo two > conftest.two + mkdir conftest.dir + if "$as_dir/$ac_prog$ac_exec_ext" -c conftest.one conftest.two "`pwd`/conftest.dir" && + test -s conftest.one && test -s conftest.two && + test -s conftest.dir/conftest.one && + test -s conftest.dir/conftest.two + then + ac_cv_path_install="$as_dir/$ac_prog$ac_exec_ext -c" + break 3 + fi + fi + fi + done + done + ;; +esac + + done +IFS=$as_save_IFS + +rm -rf conftest.one conftest.two conftest.dir + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL=$ac_cv_path_install + else + # As a last resort, use the slow shell script. Don't cache a + # value for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + INSTALL=$ac_install_sh + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $INSTALL" >&5 +$as_echo "$INSTALL" >&6; } + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether build environment is sane" >&5 +$as_echo_n "checking whether build environment is sane... " >&6; } +# Reject unsafe characters in $srcdir or the absolute working directory +# name. Accept space and tab only in the latter. +am_lf=' +' +case `pwd` in + *[\\\"\#\$\&\'\`$am_lf]*) + as_fn_error $? "unsafe absolute working directory name" "$LINENO" 5;; +esac +case $srcdir in + *[\\\"\#\$\&\'\`$am_lf\ \ ]*) + as_fn_error $? "unsafe srcdir value: '$srcdir'" "$LINENO" 5;; +esac + +# Do 'set' in a subshell so we don't clobber the current shell's +# arguments. Must try -L first in case configure is actually a +# symlink; some systems play weird games with the mod time of symlinks +# (eg FreeBSD returns the mod time of the symlink's containing +# directory). +if ( + am_has_slept=no + for am_try in 1 2; do + echo "timestamp, slept: $am_has_slept" > conftest.file + set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` + if test "$*" = "X"; then + # -L didn't work. + set X `ls -t "$srcdir/configure" conftest.file` + fi + if test "$*" != "X $srcdir/configure conftest.file" \ + && test "$*" != "X conftest.file $srcdir/configure"; then + + # If neither matched, then we have a broken ls. This can happen + # if, for instance, CONFIG_SHELL is bash and it inherits a + # broken ls alias from the environment. This has actually + # happened. Such a system could not be considered "sane". + as_fn_error $? "ls -t appears to fail. Make sure there is not a broken + alias in your environment" "$LINENO" 5 + fi + if test "$2" = conftest.file || test $am_try -eq 2; then + break + fi + # Just in case. + sleep 1 + am_has_slept=yes + done + test "$2" = conftest.file + ) +then + # Ok. + : +else + as_fn_error $? "newly created file is older than distributed files! +Check your system clock" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +# If we didn't sleep, we still need to ensure time stamps of config.status and +# generated files are strictly newer. +am_sleep_pid= +if grep 'slept: no' conftest.file >/dev/null 2>&1; then + ( sleep 1 ) & + am_sleep_pid=$! +fi + +rm -f conftest.file + +test "$program_prefix" != NONE && + program_transform_name="s&^&$program_prefix&;$program_transform_name" +# Use a double $ so make ignores it. +test "$program_suffix" != NONE && + program_transform_name="s&\$&$program_suffix&;$program_transform_name" +# Double any \ or $. +# By default was `s,x,x', remove it if useless. +ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' +program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` + +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` + +if test x"${MISSING+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + MISSING="\${SHELL} \"$am_aux_dir/missing\"" ;; + *) + MISSING="\${SHELL} $am_aux_dir/missing" ;; + esac +fi +# Use eval to expand $SHELL +if eval "$MISSING --is-lightweight"; then + am_missing_run="$MISSING " +else + am_missing_run= + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: 'missing' script is too old or missing" >&5 +$as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} +fi + +if test x"${install_sh+set}" != xset; then + case $am_aux_dir in + *\ * | *\ *) + install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; + *) + install_sh="\${SHELL} $am_aux_dir/install-sh" + esac +fi + +# Installed binaries are usually stripped using 'strip' when the user +# run "make install-strip". However 'strip' might not be the right +# tool to use in cross-compilation environments, therefore Automake +# will honor the 'STRIP' environment variable to overrule this program. +if test "$cross_compiling" != no; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +fi +INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a thread-safe mkdir -p" >&5 +$as_echo_n "checking for a thread-safe mkdir -p... " >&6; } +if test -z "$MKDIR_P"; then + if ${ac_cv_path_mkdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/opt/sfw/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in mkdir gmkdir; do + for ac_exec_ext in '' $ac_executable_extensions; do + as_fn_executable_p "$as_dir/$ac_prog$ac_exec_ext" || continue + case `"$as_dir/$ac_prog$ac_exec_ext" --version 2>&1` in #( + 'mkdir (GNU coreutils) '* | \ + 'mkdir (coreutils) '* | \ + 'mkdir (fileutils) '4.1*) + ac_cv_path_mkdir=$as_dir/$ac_prog$ac_exec_ext + break 3;; + esac + done + done + done +IFS=$as_save_IFS + +fi + + test -d ./--version && rmdir ./--version + if test "${ac_cv_path_mkdir+set}" = set; then + MKDIR_P="$ac_cv_path_mkdir -p" + else + # As a last resort, use the slow shell script. Don't cache a + # value for MKDIR_P within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the value is a relative name. + MKDIR_P="$ac_install_sh -d" + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $MKDIR_P" >&5 +$as_echo "$MKDIR_P" >&6; } + +for ac_prog in gawk mawk nawk awk +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AWK+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AWK="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AWK=$ac_cv_prog_AWK +if test -n "$AWK"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AWK" >&5 +$as_echo "$AWK" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AWK" && break +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} sets \$(MAKE)" >&5 +$as_echo_n "checking whether ${MAKE-make} sets \$(MAKE)... " >&6; } +set x ${MAKE-make} +ac_make=`$as_echo "$2" | sed 's/+/p/g; s/[^a-zA-Z0-9_]/_/g'` +if eval \${ac_cv_prog_make_${ac_make}_set+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat >conftest.make <<\_ACEOF +SHELL = /bin/sh +all: + @echo '@@@%%%=$(MAKE)=@@@%%%' +_ACEOF +# GNU make sometimes prints "make[1]: Entering ...", which would confuse us. +case `${MAKE-make} -f conftest.make 2>/dev/null` in + *@@@%%%=?*=@@@%%%*) + eval ac_cv_prog_make_${ac_make}_set=yes;; + *) + eval ac_cv_prog_make_${ac_make}_set=no;; +esac +rm -f conftest.make +fi +if eval test \$ac_cv_prog_make_${ac_make}_set = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + SET_MAKE= +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + SET_MAKE="MAKE=${MAKE-make}" +fi + +rm -rf .tst 2>/dev/null +mkdir .tst 2>/dev/null +if test -d .tst; then + am__leading_dot=. +else + am__leading_dot=_ +fi +rmdir .tst 2>/dev/null + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=1;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + +if test "`cd $srcdir && pwd`" != "`pwd`"; then + # Use -I$(srcdir) only when $(srcdir) != ., so that make's output + # is not polluted with repeated "-I." + am__isrc=' -I$(srcdir)' + # test to see if srcdir already configured + if test -f $srcdir/config.status; then + as_fn_error $? "source directory already configured; run \"make distclean\" there first" "$LINENO" 5 + fi +fi + +# test whether we have cygpath +if test -z "$CYGPATH_W"; then + if (cygpath --version) >/dev/null 2>/dev/null; then + CYGPATH_W='cygpath -w' + else + CYGPATH_W=echo + fi +fi + + +# Define the identity of the package. + PACKAGE='dnsdist' + VERSION='1.7.3' + + +cat >>confdefs.h <<_ACEOF +#define PACKAGE "$PACKAGE" +_ACEOF + + +cat >>confdefs.h <<_ACEOF +#define VERSION "$VERSION" +_ACEOF + +# Some tools Automake needs. + +ACLOCAL=${ACLOCAL-"${am_missing_run}aclocal-${am__api_version}"} + + +AUTOCONF=${AUTOCONF-"${am_missing_run}autoconf"} + + +AUTOMAKE=${AUTOMAKE-"${am_missing_run}automake-${am__api_version}"} + + +AUTOHEADER=${AUTOHEADER-"${am_missing_run}autoheader"} + + +MAKEINFO=${MAKEINFO-"${am_missing_run}makeinfo"} + +# For better backward compatibility. To be removed once Automake 1.9.x +# dies out for good. For more background, see: +# +# +mkdir_p='$(MKDIR_P)' + +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. +# Always define AMTAR for backward compatibility. Yes, it's still used +# in the wild :-( We should find a proper way to deprecate it ... +AMTAR='$${TAR-tar}' + + +# We'll loop over all known methods to create a tar archive until one works. +_am_tools='gnutar plaintar pax cpio none' + +# The POSIX 1988 'ustar' format is defined with fixed-size fields. + # There is notably a 21 bits limit for the UID and the GID. In fact, + # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 + # and bug#13588). + am_max_uid=2097151 # 2^21 - 1 + am_max_gid=$am_max_uid + # The $UID and $GID variables are not portable, so we need to resort + # to the POSIX-mandated id(1) utility. Errors in the 'id' calls + # below are definitely unexpected, so allow the users to see them + # (that is, avoid stderr redirection). + am_uid=`id -u || echo unknown` + am_gid=`id -g || echo unknown` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether UID '$am_uid' is supported by ustar format" >&5 +$as_echo_n "checking whether UID '$am_uid' is supported by ustar format... " >&6; } + if test $am_uid -le $am_max_uid; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + _am_tools=none + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether GID '$am_gid' is supported by ustar format" >&5 +$as_echo_n "checking whether GID '$am_gid' is supported by ustar format... " >&6; } + if test $am_gid -le $am_max_gid; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + _am_tools=none + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to create a ustar tar archive" >&5 +$as_echo_n "checking how to create a ustar tar archive... " >&6; } + + # Go ahead even if we have the value already cached. We do so because we + # need to set the values for the 'am__tar' and 'am__untar' variables. + _am_tools=${am_cv_prog_tar_ustar-$_am_tools} + + for _am_tool in $_am_tools; do + case $_am_tool in + gnutar) + for _am_tar in tar gnutar gtar; do + { echo "$as_me:$LINENO: $_am_tar --version" >&5 + ($_am_tar --version) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } && break + done + am__tar="$_am_tar --format=ustar -chf - "'"$$tardir"' + am__tar_="$_am_tar --format=ustar -chf - "'"$tardir"' + am__untar="$_am_tar -xf -" + ;; + plaintar) + # Must skip GNU tar: if it does not support --format= it doesn't create + # ustar tarball either. + (tar --version) >/dev/null 2>&1 && continue + am__tar='tar chf - "$$tardir"' + am__tar_='tar chf - "$tardir"' + am__untar='tar xf -' + ;; + pax) + am__tar='pax -L -x ustar -w "$$tardir"' + am__tar_='pax -L -x ustar -w "$tardir"' + am__untar='pax -r' + ;; + cpio) + am__tar='find "$$tardir" -print | cpio -o -H ustar -L' + am__tar_='find "$tardir" -print | cpio -o -H ustar -L' + am__untar='cpio -i -H ustar -d' + ;; + none) + am__tar=false + am__tar_=false + am__untar=false + ;; + esac + + # If the value was cached, stop now. We just wanted to have am__tar + # and am__untar set. + test -n "${am_cv_prog_tar_ustar}" && break + + # tar/untar a dummy directory, and stop if the command works. + rm -rf conftest.dir + mkdir conftest.dir + echo GrepMe > conftest.dir/file + { echo "$as_me:$LINENO: tardir=conftest.dir && eval $am__tar_ >conftest.tar" >&5 + (tardir=conftest.dir && eval $am__tar_ >conftest.tar) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + rm -rf conftest.dir + if test -s conftest.tar; then + { echo "$as_me:$LINENO: $am__untar &5 + ($am__untar &5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + { echo "$as_me:$LINENO: cat conftest.dir/file" >&5 + (cat conftest.dir/file) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + grep GrepMe conftest.dir/file >/dev/null 2>&1 && break + fi + done + rm -rf conftest.dir + + if ${am_cv_prog_tar_ustar+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_prog_tar_ustar=$_am_tool +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_tar_ustar" >&5 +$as_echo "$am_cv_prog_tar_ustar" >&6; } + + + + + + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi + +# Check whether --enable-silent-rules was given. +if test "${enable_silent_rules+set}" = set; then : + enableval=$enable_silent_rules; +fi + +case $enable_silent_rules in # ((( + yes) AM_DEFAULT_VERBOSITY=0;; + no) AM_DEFAULT_VERBOSITY=1;; + *) AM_DEFAULT_VERBOSITY=0;; +esac +am_make=${MAKE-make} +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $am_make supports nested variables" >&5 +$as_echo_n "checking whether $am_make supports nested variables... " >&6; } +if ${am_cv_make_support_nested_variables+:} false; then : + $as_echo_n "(cached) " >&6 +else + if $as_echo 'TRUE=$(BAR$(V)) +BAR0=false +BAR1=true +V=1 +am__doit: + @$(TRUE) +.PHONY: am__doit' | $am_make -f - >/dev/null 2>&1; then + am_cv_make_support_nested_variables=yes +else + am_cv_make_support_nested_variables=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_make_support_nested_variables" >&5 +$as_echo "$am_cv_make_support_nested_variables" >&6; } +if test $am_cv_make_support_nested_variables = yes; then + AM_V='$(V)' + AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' +else + AM_V=$AM_DEFAULT_VERBOSITY + AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY +fi +AM_BACKSLASH='\' + + +ac_config_headers="$ac_config_headers config.h" + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}gcc", so it can be a program name with args. +set dummy ${ac_tool_prefix}gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_CC"; then + ac_ct_CC=$CC + # Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="gcc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +else + CC="$ac_cv_prog_CC" +fi + +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}cc", so it can be a program name with args. +set dummy ${ac_tool_prefix}cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="${ac_tool_prefix}cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi +fi +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + ac_prog_rejected=no +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + if test "$as_dir/$ac_word$ac_exec_ext" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# != 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + ac_cv_prog_CC="$as_dir/$ac_word${1+' '}$@" + fi +fi +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$CC"; then + if test -n "$ac_tool_prefix"; then + for ac_prog in cl.exe + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CC="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CC=$ac_cv_prog_CC +if test -n "$CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CC" >&5 +$as_echo "$CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CC" && break + done +fi +if test -z "$CC"; then + ac_ct_CC=$CC + for ac_prog in cl.exe +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CC+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CC"; then + ac_cv_prog_ac_ct_CC="$ac_ct_CC" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CC="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CC=$ac_cv_prog_ac_ct_CC +if test -n "$ac_ct_CC"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CC" >&5 +$as_echo "$ac_ct_CC" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CC" && break +done + + if test "x$ac_ct_CC" = x; then + CC="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CC=$ac_ct_CC + fi +fi + +fi + + +test -z "$CC" && { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "no acceptable C compiler found in \$PATH +See \`config.log' for more details" "$LINENO" 5; } + +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files a.out a.out.dSYM a.exe b.out" +# Try to create an executable without -o first, disregard a.out. +# It will help us diagnose broken compilers, and finding out an intuition +# of exeext. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler works" >&5 +$as_echo_n "checking whether the C compiler works... " >&6; } +ac_link_default=`$as_echo "$ac_link" | sed 's/ -o *conftest[^ ]*//'` + +# The possible output files: +ac_files="a.out conftest.exe conftest a.exe a_out.exe b.out conftest.*" + +ac_rmfiles= +for ac_file in $ac_files +do + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + * ) ac_rmfiles="$ac_rmfiles $ac_file";; + esac +done +rm -f $ac_rmfiles + +if { { ac_try="$ac_link_default" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link_default") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # Autoconf-2.13 could set the ac_cv_exeext variable to `no'. +# So ignore a value of `no', otherwise this would lead to `EXEEXT = no' +# in a Makefile. We should not override ac_cv_exeext if it was cached, +# so that the user can short-circuit this test for compilers unknown to +# Autoconf. +for ac_file in $ac_files '' +do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) + ;; + [ab].out ) + # We found the default executable, but exeext='' is most + # certainly right. + break;; + *.* ) + if test "${ac_cv_exeext+set}" = set && test "$ac_cv_exeext" != no; + then :; else + ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + fi + # We set ac_cv_exeext here because the later test for it is not + # safe: cross compilers may not add the suffix if given an `-o' + # argument, so we may need to know it at that point already. + # Even if this section looks crufty: it has the advantage of + # actually working. + break;; + * ) + break;; + esac +done +test "$ac_cv_exeext" = no && ac_cv_exeext= + +else + ac_file='' +fi +if test -z "$ac_file"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +$as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "C compiler cannot create executables +See \`config.log' for more details" "$LINENO" 5; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for C compiler default output file name" >&5 +$as_echo_n "checking for C compiler default output file name... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_file" >&5 +$as_echo "$ac_file" >&6; } +ac_exeext=$ac_cv_exeext + +rm -f -r a.out a.out.dSYM a.exe conftest$ac_cv_exeext b.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of executables" >&5 +$as_echo_n "checking for suffix of executables... " >&6; } +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + # If both `conftest.exe' and `conftest' are `present' (well, observable) +# catch `conftest.exe'. For instance with Cygwin, `ls conftest' will +# work properly (i.e., refer to `conftest.exe'), while it won't with +# `rm'. +for ac_file in conftest.exe conftest conftest.*; do + test -f "$ac_file" || continue + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM | *.o | *.obj ) ;; + *.* ) ac_cv_exeext=`expr "$ac_file" : '[^.]*\(\..*\)'` + break;; + * ) break;; + esac +done +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of executables: cannot compile and link +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest conftest$ac_cv_exeext +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_exeext" >&5 +$as_echo "$ac_cv_exeext" >&6; } + +rm -f conftest.$ac_ext +EXEEXT=$ac_cv_exeext +ac_exeext=$EXEEXT +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +FILE *f = fopen ("conftest.out", "w"); + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +ac_clean_files="$ac_clean_files conftest.out" +# Check that the compiler produces executables we can run. If not, either +# the compiler is broken, or we cross compile. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are cross compiling" >&5 +$as_echo_n "checking whether we are cross compiling... " >&6; } +if test "$cross_compiling" != yes; then + { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if { ac_try='./conftest$ac_cv_exeext' + { { case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_try") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; }; then + cross_compiling=no + else + if test "$cross_compiling" = maybe; then + cross_compiling=yes + else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot run C compiled programs. +If you meant to cross compile, use \`--host'. +See \`config.log' for more details" "$LINENO" 5; } + fi + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $cross_compiling" >&5 +$as_echo "$cross_compiling" >&6; } + +rm -f conftest.$ac_ext conftest$ac_cv_exeext conftest.out +ac_clean_files=$ac_clean_files_save +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for suffix of object files" >&5 +$as_echo_n "checking for suffix of object files... " >&6; } +if ${ac_cv_objext+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +rm -f conftest.o conftest.obj +if { { ac_try="$ac_compile" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compile") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then : + for ac_file in conftest.o conftest.obj conftest.*; do + test -f "$ac_file" || continue; + case $ac_file in + *.$ac_ext | *.xcoff | *.tds | *.d | *.pdb | *.xSYM | *.bb | *.bbg | *.map | *.inf | *.dSYM ) ;; + *) ac_cv_objext=`expr "$ac_file" : '.*\.\(.*\)'` + break;; + esac +done +else + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + +{ { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "cannot compute suffix of object files: cannot compile +See \`config.log' for more details" "$LINENO" 5; } +fi +rm -f conftest.$ac_cv_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_objext" >&5 +$as_echo "$ac_cv_objext" >&6; } +OBJEXT=$ac_cv_objext +ac_objext=$OBJEXT +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C compiler" >&5 +$as_echo_n "checking whether we are using the GNU C compiler... " >&6; } +if ${ac_cv_c_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_c_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_c_compiler_gnu" >&5 +$as_echo "$ac_cv_c_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GCC=yes +else + GCC= +fi +ac_test_CFLAGS=${CFLAGS+set} +ac_save_CFLAGS=$CFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC accepts -g" >&5 +$as_echo_n "checking whether $CC accepts -g... " >&6; } +if ${ac_cv_prog_cc_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_c_werror_flag=$ac_c_werror_flag + ac_c_werror_flag=yes + ac_cv_prog_cc_g=no + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +else + CFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + +else + ac_c_werror_flag=$ac_save_c_werror_flag + CFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_c_werror_flag=$ac_save_c_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_g" >&5 +$as_echo "$ac_cv_prog_cc_g" >&6; } +if test "$ac_test_CFLAGS" = set; then + CFLAGS=$ac_save_CFLAGS +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $CC option to accept ISO C89" >&5 +$as_echo_n "checking for $CC option to accept ISO C89... " >&6; } +if ${ac_cv_prog_cc_c89+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_cv_prog_cc_c89=no +ac_save_CC=$CC +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +struct stat; +/* Most of the following tests are stolen from RCS 5.7's src/conf.sh. */ +struct buf { int x; }; +FILE * (*rcsopen) (struct buf *, struct stat *, int); +static char *e (p, i) + char **p; + int i; +{ + return p[i]; +} +static char *f (char * (*g) (char **, int), char **p, ...) +{ + char *s; + va_list v; + va_start (v,p); + s = g (p, va_arg (v,int)); + va_end (v); + return s; +} + +/* OSF 4.0 Compaq cc is some sort of almost-ANSI by default. It has + function prototypes and stuff, but not '\xHH' hex character constants. + These don't provoke an error unfortunately, instead are silently treated + as 'x'. The following induces an error, until -std is added to get + proper ANSI mode. Curiously '\x00'!='x' always comes out true, for an + array size at least. It's necessary to write '\x00'==0 to get something + that's true only with -std. */ +int osf4_cc_array ['\x00' == 0 ? 1 : -1]; + +/* IBM C 6 for AIX is almost-ANSI by default, but it replaces macro parameters + inside strings and character constants. */ +#define FOO(x) 'x' +int xlc6_cc_array[FOO(a) == 'x' ? 1 : -1]; + +int test (int i, double x); +struct s1 {int (*f) (int a);}; +struct s2 {int (*f) (double a);}; +int pairnames (int, char **, FILE *(*)(struct buf *, struct stat *, int), int, int); +int argc; +char **argv; +int +main () +{ +return f (e, argv, 0) != argv[0] || f (e, argv, 1) != argv[1]; + ; + return 0; +} +_ACEOF +for ac_arg in '' -qlanglvl=extc89 -qlanglvl=ansi -std \ + -Ae "-Aa -D_HPUX_SOURCE" "-Xc -D__EXTENSIONS__" +do + CC="$ac_save_CC $ac_arg" + if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_prog_cc_c89=$ac_arg +fi +rm -f core conftest.err conftest.$ac_objext + test "x$ac_cv_prog_cc_c89" != "xno" && break +done +rm -f conftest.$ac_ext +CC=$ac_save_CC + +fi +# AC_CACHE_VAL +case "x$ac_cv_prog_cc_c89" in + x) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none needed" >&5 +$as_echo "none needed" >&6; } ;; + xno) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unsupported" >&5 +$as_echo "unsupported" >&6; } ;; + *) + CC="$CC $ac_cv_prog_cc_c89" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cc_c89" >&5 +$as_echo "$ac_cv_prog_cc_c89" >&6; } ;; +esac +if test "x$ac_cv_prog_cc_c89" != xno; then : + +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +DEPDIR="${am__leading_dot}deps" + +ac_config_commands="$ac_config_commands depfiles" + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ${MAKE-make} supports the include directive" >&5 +$as_echo_n "checking whether ${MAKE-make} supports the include directive... " >&6; } +cat > confinc.mk << 'END' +am__doit: + @echo this is the am__doit target >confinc.out +.PHONY: am__doit +END +am__include="#" +am__quote= +# BSD make does it like this. +echo '.include "confinc.mk" # ignored' > confmf.BSD +# Other make implementations (GNU, Solaris 10, AIX) do it like this. +echo 'include confinc.mk # ignored' > confmf.GNU +_am_result=no +for s in GNU BSD; do + { echo "$as_me:$LINENO: ${MAKE-make} -f confmf.$s && cat confinc.out" >&5 + (${MAKE-make} -f confmf.$s && cat confinc.out) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } + case $?:`cat confinc.out 2>/dev/null` in #( + '0:this is the am__doit target') : + case $s in #( + BSD) : + am__include='.include' am__quote='"' ;; #( + *) : + am__include='include' am__quote='' ;; +esac ;; #( + *) : + ;; +esac + if test "$am__include" != "#"; then + _am_result="yes ($s style)" + break + fi +done +rm -f confinc.* confmf.* +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: ${_am_result}" >&5 +$as_echo "${_am_result}" >&6; } + +# Check whether --enable-dependency-tracking was given. +if test "${enable_dependency_tracking+set}" = set; then : + enableval=$enable_dependency_tracking; +fi + +if test "x$enable_dependency_tracking" != xno; then + am_depcomp="$ac_aux_dir/depcomp" + AMDEPBACKSLASH='\' + am__nodep='_no' +fi + if test "x$enable_dependency_tracking" != xno; then + AMDEP_TRUE= + AMDEP_FALSE='#' +else + AMDEP_TRUE='#' + AMDEP_FALSE= +fi + + + +depcc="$CC" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CC_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CC_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CC_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CC_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CC_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CC_dependencies_compiler_type" >&6; } +CCDEPMODE=depmode=$am_cv_CC_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CC_dependencies_compiler_type" = gcc3; then + am__fastdepCC_TRUE= + am__fastdepCC_FALSE='#' +else + am__fastdepCC_TRUE='#' + am__fastdepCC_FALSE= +fi + + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +if test -z "$CXX"; then + if test -n "$CCC"; then + CXX=$CCC + else + if test -n "$ac_tool_prefix"; then + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$CXX"; then + ac_cv_prog_CXX="$CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_CXX="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +CXX=$ac_cv_prog_CXX +if test -n "$CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXX" >&5 +$as_echo "$CXX" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$CXX" && break + done +fi +if test -z "$CXX"; then + ac_ct_CXX=$CXX + for ac_prog in g++ c++ gpp aCC CC cxx cc++ cl.exe FCC KCC RCC xlC_r xlC +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_CXX"; then + ac_cv_prog_ac_ct_CXX="$ac_ct_CXX" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_CXX="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_CXX=$ac_cv_prog_ac_ct_CXX +if test -n "$ac_ct_CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_CXX" >&5 +$as_echo "$ac_ct_CXX" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_CXX" && break +done + + if test "x$ac_ct_CXX" = x; then + CXX="g++" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + CXX=$ac_ct_CXX + fi +fi + + fi +fi +# Provide some information about the compiler. +$as_echo "$as_me:${as_lineno-$LINENO}: checking for C++ compiler version" >&5 +set X $ac_compile +ac_compiler=$2 +for ac_option in --version -v -V -qversion; do + { { ac_try="$ac_compiler $ac_option >&5" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_compiler $ac_option >&5") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + sed '10a\ +... rest of stderr output deleted ... + 10q' conftest.err >conftest.er1 + cat conftest.er1 >&5 + fi + rm -f conftest.er1 conftest.err + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } +done + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we are using the GNU C++ compiler" >&5 +$as_echo_n "checking whether we are using the GNU C++ compiler... " >&6; } +if ${ac_cv_cxx_compiler_gnu+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ +#ifndef __GNUC__ + choke me +#endif + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_compiler_gnu=yes +else + ac_compiler_gnu=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_cv_cxx_compiler_gnu=$ac_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_cxx_compiler_gnu" >&5 +$as_echo "$ac_cv_cxx_compiler_gnu" >&6; } +if test $ac_compiler_gnu = yes; then + GXX=yes +else + GXX= +fi +ac_test_CXXFLAGS=${CXXFLAGS+set} +ac_save_CXXFLAGS=$CXXFLAGS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX accepts -g" >&5 +$as_echo_n "checking whether $CXX accepts -g... " >&6; } +if ${ac_cv_prog_cxx_g+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_cxx_werror_flag=$ac_cxx_werror_flag + ac_cxx_werror_flag=yes + ac_cv_prog_cxx_g=no + CXXFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_prog_cxx_g=yes +else + CXXFLAGS="" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + +else + ac_cxx_werror_flag=$ac_save_cxx_werror_flag + CXXFLAGS="-g" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_prog_cxx_g=yes +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + ac_cxx_werror_flag=$ac_save_cxx_werror_flag +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_prog_cxx_g" >&5 +$as_echo "$ac_cv_prog_cxx_g" >&6; } +if test "$ac_test_CXXFLAGS" = set; then + CXXFLAGS=$ac_save_CXXFLAGS +elif test $ac_cv_prog_cxx_g = yes; then + if test "$GXX" = yes; then + CXXFLAGS="-g -O2" + else + CXXFLAGS="-g" + fi +else + if test "$GXX" = yes; then + CXXFLAGS="-O2" + else + CXXFLAGS= + fi +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +depcc="$CXX" am_compiler_list= + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 +$as_echo_n "checking dependency style of $depcc... " >&6; } +if ${am_cv_CXX_dependencies_compiler_type+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then + # We make a subdir and do the tests there. Otherwise we can end up + # making bogus files that we don't know about and never remove. For + # instance it was reported that on HP-UX the gcc test will end up + # making a dummy file named 'D' -- because '-MD' means "put the output + # in D". + rm -rf conftest.dir + mkdir conftest.dir + # Copy depcomp to subdir because otherwise we won't find it if we're + # using a relative directory. + cp "$am_depcomp" conftest.dir + cd conftest.dir + # We will build objects and dependencies in a subdirectory because + # it helps to detect inapplicable dependency modes. For instance + # both Tru64's cc and ICC support -MD to output dependencies as a + # side effect of compilation, but ICC will put the dependencies in + # the current directory while Tru64 will put them in the object + # directory. + mkdir sub + + am_cv_CXX_dependencies_compiler_type=none + if test "$am_compiler_list" = ""; then + am_compiler_list=`sed -n 's/^#*\([a-zA-Z0-9]*\))$/\1/p' < ./depcomp` + fi + am__universal=false + case " $depcc " in #( + *\ -arch\ *\ -arch\ *) am__universal=true ;; + esac + + for depmode in $am_compiler_list; do + # Setup a source with many dependencies, because some compilers + # like to wrap large dependency lists on column 80 (with \), and + # we should not choose a depcomp mode which is confused by this. + # + # We need to recreate these files for each test, as the compiler may + # overwrite some of them when testing with obscure command lines. + # This happens at least with the AIX C compiler. + : > sub/conftest.c + for i in 1 2 3 4 5 6; do + echo '#include "conftst'$i'.h"' >> sub/conftest.c + # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with + # Solaris 10 /bin/sh. + echo '/* dummy */' > sub/conftst$i.h + done + echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf + + # We check with '-c' and '-o' for the sake of the "dashmstdout" + # mode. It turns out that the SunPro C++ compiler does not properly + # handle '-M -o', and we need to detect this. Also, some Intel + # versions had trouble with output in subdirs. + am__obj=sub/conftest.${OBJEXT-o} + am__minus_obj="-o $am__obj" + case $depmode in + gcc) + # This depmode causes a compiler race in universal mode. + test "$am__universal" = false || continue + ;; + nosideeffect) + # After this tag, mechanisms are not by side-effect, so they'll + # only be used when explicitly requested. + if test "x$enable_dependency_tracking" = xyes; then + continue + else + break + fi + ;; + msvc7 | msvc7msys | msvisualcpp | msvcmsys) + # This compiler won't grok '-c -o', but also, the minuso test has + # not run yet. These depmodes are late enough in the game, and + # so weak that their functioning should not be impacted. + am__obj=conftest.${OBJEXT-o} + am__minus_obj= + ;; + none) break ;; + esac + if depmode=$depmode \ + source=sub/conftest.c object=$am__obj \ + depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ + $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ + >/dev/null 2>conftest.err && + grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && + grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && + grep $am__obj sub/conftest.Po > /dev/null 2>&1 && + ${MAKE-make} -s -f confmf > /dev/null 2>&1; then + # icc doesn't choke on unknown options, it will just issue warnings + # or remarks (even with -Werror). So we grep stderr for any message + # that says an option was ignored or not supported. + # When given -MP, icc 7.0 and 7.1 complain thusly: + # icc: Command line warning: ignoring option '-M'; no argument required + # The diagnosis changed in icc 8.0: + # icc: Command line remark: option '-MP' not supported + if (grep 'ignoring option' conftest.err || + grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else + am_cv_CXX_dependencies_compiler_type=$depmode + break + fi + fi + done + + cd .. + rm -rf conftest.dir +else + am_cv_CXX_dependencies_compiler_type=none +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_CXX_dependencies_compiler_type" >&5 +$as_echo "$am_cv_CXX_dependencies_compiler_type" >&6; } +CXXDEPMODE=depmode=$am_cv_CXX_dependencies_compiler_type + + if + test "x$enable_dependency_tracking" != xno \ + && test "$am_cv_CXX_dependencies_compiler_type" = gcc3; then + am__fastdepCXX_TRUE= + am__fastdepCXX_FALSE='#' +else + am__fastdepCXX_TRUE='#' + am__fastdepCXX_FALSE= +fi + + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +$as_echo_n "checking size of time_t... " >&6; } +if ${ac_cv_sizeof_time_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + for ac_size in 4 8 1 2 16 ; do # List sizes in rough order of prevalence. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include + + +int +main () +{ +switch (0) case 0: case (sizeof (time_t) == $ac_size):; + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + ac_cv_sizeof_time_t=$ac_size +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + if test x$ac_cv_sizeof_time_t != x ; then break; fi +done + +fi + +if test x$ac_cv_sizeof_time_t = x ; then + as_fn_error $? "cannot determine a size for time_t" "$LINENO" 5 +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +$as_echo "$ac_cv_sizeof_time_t" >&6; } + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_TIME_T $ac_cv_sizeof_time_t +_ACEOF + + +if test $ac_size -lt 8; then : + as_fn_error $? "size of time_t is $ac_size, which is not large enough to fix the y2k38 bug" "$LINENO" 5 +fi + + typename=`echo time_t | sed "s/[^a-zA-Z0-9_]/_/g"` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether time_t is signed" >&5 +$as_echo_n "checking whether time_t is signed... " >&6; } +if eval \${ax_cv_decl_${typename}_signed+:} false; then : + $as_echo_n "(cached) " >&6 +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + +int +main () +{ + int foo [ 1 - 2 * !(((time_t) -1) < 0) ] + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + eval "ax_cv_decl_${typename}_signed=\"yes\"" +else + eval "ax_cv_decl_${typename}_signed=\"no\"" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +eval ac_res=\$ax_cv_decl_${typename}_signed + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + symbolname=`echo time_t | sed "s/[^a-zA-Z0-9_]/_/g" | tr "a-z" "A-Z"` + if eval "test \"\${ax_cv_decl_${typename}_signed}\" = \"yes\""; then + : + elif eval "test \"\${ax_cv_decl_${typename}_signed}\" = \"no\""; then + as_fn_error $? "time_t is unsigned, PowerDNS code relies on it being signed" "$LINENO" 5 + fi + + + + +$as_echo "#define DNSDIST 1" >>confdefs.h + + + +case `pwd` in + *\ * | *\ *) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&5 +$as_echo "$as_me: WARNING: Libtool does not cope well with whitespace in \`pwd\`" >&2;} ;; +esac + + + +macro_version='2.4.6' +macro_revision='2.4.6' + + + + + + + + + + + + + +ltmain=$ac_aux_dir/ltmain.sh + +# Make sure we can run config.sub. +$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || + as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5 +$as_echo_n "checking build system type... " >&6; } +if ${ac_cv_build+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_build_alias=$build_alias +test "x$ac_build_alias" = x && + ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"` +test "x$ac_build_alias" = x && + as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5 +ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5 + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5 +$as_echo "$ac_cv_build" >&6; } +case $ac_cv_build in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;; +esac +build=$ac_cv_build +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_build +shift +build_cpu=$1 +build_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +build_os=$* +IFS=$ac_save_IFS +case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5 +$as_echo_n "checking host system type... " >&6; } +if ${ac_cv_host+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$host_alias" = x; then + ac_cv_host=$ac_cv_build +else + ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` || + as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5 +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5 +$as_echo "$ac_cv_host" >&6; } +case $ac_cv_host in +*-*-*) ;; +*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;; +esac +host=$ac_cv_host +ac_save_IFS=$IFS; IFS='-' +set x $ac_cv_host +shift +host_cpu=$1 +host_vendor=$2 +shift; shift +# Remember, the first character of IFS is used to create $*, +# except with old shells: +host_os=$* +IFS=$ac_save_IFS +case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac + + +# Backslashify metacharacters that are still active within +# double-quoted strings. +sed_quote_subst='s/\(["`$\\]\)/\\\1/g' + +# Same as above, but do not quote variable references. +double_quote_subst='s/\(["`\\]\)/\\\1/g' + +# Sed substitution to delay expansion of an escaped shell variable in a +# double_quote_subst'ed string. +delay_variable_subst='s/\\\\\\\\\\\$/\\\\\\$/g' + +# Sed substitution to delay expansion of an escaped single quote. +delay_single_quote_subst='s/'\''/'\'\\\\\\\'\''/g' + +# Sed substitution to avoid accidental globbing in evaled expressions +no_glob_subst='s/\*/\\\*/g' + +ECHO='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO +ECHO=$ECHO$ECHO$ECHO$ECHO$ECHO$ECHO + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to print strings" >&5 +$as_echo_n "checking how to print strings... " >&6; } +# Test print first, because it will be a builtin if present. +if test "X`( print -r -- -n ) 2>/dev/null`" = X-n && \ + test "X`print -r -- $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='print -r --' +elif test "X`printf %s $ECHO 2>/dev/null`" = "X$ECHO"; then + ECHO='printf %s\n' +else + # Use this function as a fallback that always works. + func_fallback_echo () + { + eval 'cat <<_LTECHO_EOF +$1 +_LTECHO_EOF' + } + ECHO='func_fallback_echo' +fi + +# func_echo_all arg... +# Invoke $ECHO with all args, space-separated. +func_echo_all () +{ + $ECHO "" +} + +case $ECHO in + printf*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: printf" >&5 +$as_echo "printf" >&6; } ;; + print*) { $as_echo "$as_me:${as_lineno-$LINENO}: result: print -r" >&5 +$as_echo "print -r" >&6; } ;; + *) { $as_echo "$as_me:${as_lineno-$LINENO}: result: cat" >&5 +$as_echo "cat" >&6; } ;; +esac + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a sed that does not truncate output" >&5 +$as_echo_n "checking for a sed that does not truncate output... " >&6; } +if ${ac_cv_path_SED+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_script=s/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb/ + for ac_i in 1 2 3 4 5 6 7; do + ac_script="$ac_script$as_nl$ac_script" + done + echo "$ac_script" 2>/dev/null | sed 99q >conftest.sed + { ac_script=; unset ac_script;} + if test -z "$SED"; then + ac_path_SED_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in sed gsed; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_SED="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_SED" || continue +# Check for GNU ac_path_SED and select it if it is found. + # Check for GNU $ac_path_SED +case `"$ac_path_SED" --version 2>&1` in +*GNU*) + ac_cv_path_SED="$ac_path_SED" ac_path_SED_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo '' >> "conftest.nl" + "$ac_path_SED" -f conftest.sed < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_SED_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_SED="$ac_path_SED" + ac_path_SED_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_SED_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_SED"; then + as_fn_error $? "no acceptable sed could be found in \$PATH" "$LINENO" 5 + fi +else + ac_cv_path_SED=$SED +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_SED" >&5 +$as_echo "$ac_cv_path_SED" >&6; } + SED="$ac_cv_path_SED" + rm -f conftest.sed + +test -z "$SED" && SED=sed +Xsed="$SED -e 1s/^X//" + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for egrep" >&5 +$as_echo_n "checking for egrep... " >&6; } +if ${ac_cv_path_EGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo a | $GREP -E '(a|b)' >/dev/null 2>&1 + then ac_cv_path_EGREP="$GREP -E" + else + if test -z "$EGREP"; then + ac_path_EGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in egrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_EGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_EGREP" || continue +# Check for GNU ac_path_EGREP and select it if it is found. + # Check for GNU $ac_path_EGREP +case `"$ac_path_EGREP" --version 2>&1` in +*GNU*) + ac_cv_path_EGREP="$ac_path_EGREP" ac_path_EGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'EGREP' >> "conftest.nl" + "$ac_path_EGREP" 'EGREP$' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_EGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_EGREP="$ac_path_EGREP" + ac_path_EGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_EGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_EGREP"; then + as_fn_error $? "no acceptable egrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_EGREP=$EGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_EGREP" >&5 +$as_echo "$ac_cv_path_EGREP" >&6; } + EGREP="$ac_cv_path_EGREP" + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for fgrep" >&5 +$as_echo_n "checking for fgrep... " >&6; } +if ${ac_cv_path_FGREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if echo 'ab*c' | $GREP -F 'ab*c' >/dev/null 2>&1 + then ac_cv_path_FGREP="$GREP -F" + else + if test -z "$FGREP"; then + ac_path_FGREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in fgrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_FGREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_FGREP" || continue +# Check for GNU ac_path_FGREP and select it if it is found. + # Check for GNU $ac_path_FGREP +case `"$ac_path_FGREP" --version 2>&1` in +*GNU*) + ac_cv_path_FGREP="$ac_path_FGREP" ac_path_FGREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'FGREP' >> "conftest.nl" + "$ac_path_FGREP" FGREP < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_FGREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_FGREP="$ac_path_FGREP" + ac_path_FGREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_FGREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_FGREP"; then + as_fn_error $? "no acceptable fgrep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_FGREP=$FGREP +fi + + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_FGREP" >&5 +$as_echo "$ac_cv_path_FGREP" >&6; } + FGREP="$ac_cv_path_FGREP" + + +test -z "$GREP" && GREP=grep + + + + + + + + + + + + + + + + + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for BSD- or MS-compatible name lister (nm)" >&5 +$as_echo_n "checking for BSD- or MS-compatible name lister (nm)... " >&6; } +if ${lt_cv_path_NM+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NM"; then + # Let the user override the test. + lt_cv_path_NM=$NM +else + lt_nm_to_check=${ac_tool_prefix}nm + if test -n "$ac_tool_prefix" && test "$build" = "$host"; then + lt_nm_to_check="$lt_nm_to_check nm" + fi + for lt_tmp_nm in $lt_nm_to_check; do + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH /usr/ccs/bin/elf /usr/ccs/bin /usr/ucb /bin; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + tmp_nm=$ac_dir/$lt_tmp_nm + if test -f "$tmp_nm" || test -f "$tmp_nm$ac_exeext"; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the 'sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + # Tru64's nm complains that /dev/null is an invalid object file + # MSYS converts /dev/null to NUL, MinGW nm treats NUL as empty + case $build_os in + mingw*) lt_bad_file=conftest.nm/nofile ;; + *) lt_bad_file=/dev/null ;; + esac + case `"$tmp_nm" -B $lt_bad_file 2>&1 | sed '1q'` in + *$lt_bad_file* | *'Invalid file or object type'*) + lt_cv_path_NM="$tmp_nm -B" + break 2 + ;; + *) + case `"$tmp_nm" -p /dev/null 2>&1 | sed '1q'` in + */dev/null*) + lt_cv_path_NM="$tmp_nm -p" + break 2 + ;; + *) + lt_cv_path_NM=${lt_cv_path_NM="$tmp_nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + ;; + esac + ;; + esac + fi + done + IFS=$lt_save_ifs + done + : ${lt_cv_path_NM=no} +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_NM" >&5 +$as_echo "$lt_cv_path_NM" >&6; } +if test no != "$lt_cv_path_NM"; then + NM=$lt_cv_path_NM +else + # Didn't find any BSD compatible name lister, look for dumpbin. + if test -n "$DUMPBIN"; then : + # Let the user override the test. + else + if test -n "$ac_tool_prefix"; then + for ac_prog in dumpbin "link -dump" + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DUMPBIN"; then + ac_cv_prog_DUMPBIN="$DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DUMPBIN="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DUMPBIN=$ac_cv_prog_DUMPBIN +if test -n "$DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DUMPBIN" >&5 +$as_echo "$DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$DUMPBIN" && break + done +fi +if test -z "$DUMPBIN"; then + ac_ct_DUMPBIN=$DUMPBIN + for ac_prog in dumpbin "link -dump" +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DUMPBIN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DUMPBIN"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_ct_DUMPBIN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DUMPBIN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DUMPBIN=$ac_cv_prog_ac_ct_DUMPBIN +if test -n "$ac_ct_DUMPBIN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DUMPBIN" >&5 +$as_echo "$ac_ct_DUMPBIN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_DUMPBIN" && break +done + + if test "x$ac_ct_DUMPBIN" = x; then + DUMPBIN=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DUMPBIN=$ac_ct_DUMPBIN + fi +fi + + case `$DUMPBIN -symbols -headers /dev/null 2>&1 | sed '1q'` in + *COFF*) + DUMPBIN="$DUMPBIN -symbols -headers" + ;; + *) + DUMPBIN=: + ;; + esac + fi + + if test : != "$DUMPBIN"; then + NM=$DUMPBIN + fi +fi +test -z "$NM" && NM=nm + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the name lister ($NM) interface" >&5 +$as_echo_n "checking the name lister ($NM) interface... " >&6; } +if ${lt_cv_nm_interface+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_nm_interface="BSD nm" + echo "int some_variable = 0;" > conftest.$ac_ext + (eval echo "\"\$as_me:$LINENO: $ac_compile\"" >&5) + (eval "$ac_compile" 2>conftest.err) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: $NM \\\"conftest.$ac_objext\\\"\"" >&5) + (eval "$NM \"conftest.$ac_objext\"" 2>conftest.err > conftest.out) + cat conftest.err >&5 + (eval echo "\"\$as_me:$LINENO: output\"" >&5) + cat conftest.out >&5 + if $GREP 'External.*some_variable' conftest.out > /dev/null; then + lt_cv_nm_interface="MS dumpbin" + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_nm_interface" >&5 +$as_echo "$lt_cv_nm_interface" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether ln -s works" >&5 +$as_echo_n "checking whether ln -s works... " >&6; } +LN_S=$as_ln_s +if test "$LN_S" = "ln -s"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no, using $LN_S" >&5 +$as_echo "no, using $LN_S" >&6; } +fi + +# find the maximum length of command line arguments +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking the maximum length of command line arguments" >&5 +$as_echo_n "checking the maximum length of command line arguments... " >&6; } +if ${lt_cv_sys_max_cmd_len+:} false; then : + $as_echo_n "(cached) " >&6 +else + i=0 + teststring=ABCD + + case $build_os in + msdosdjgpp*) + # On DJGPP, this test can blow up pretty badly due to problems in libc + # (any single argument exceeding 2000 bytes causes a buffer overrun + # during glob expansion). Even if it were fixed, the result of this + # check would be larger than it should be. + lt_cv_sys_max_cmd_len=12288; # 12K is about right + ;; + + gnu*) + # Under GNU Hurd, this test is not required because there is + # no limit to the length of command line arguments. + # Libtool will interpret -1 as no limit whatsoever + lt_cv_sys_max_cmd_len=-1; + ;; + + cygwin* | mingw* | cegcc*) + # On Win9x/ME, this test blows up -- it succeeds, but takes + # about 5 minutes as the teststring grows exponentially. + # Worse, since 9x/ME are not pre-emptively multitasking, + # you end up with a "frozen" computer, even though with patience + # the test eventually succeeds (with a max line length of 256k). + # Instead, let's just punt: use the minimum linelength reported by + # all of the supported platforms: 8192 (on NT/2K/XP). + lt_cv_sys_max_cmd_len=8192; + ;; + + mint*) + # On MiNT this can take a long time and run out of memory. + lt_cv_sys_max_cmd_len=8192; + ;; + + amigaos*) + # On AmigaOS with pdksh, this test takes hours, literally. + # So we just punt and use a minimum line length of 8192. + lt_cv_sys_max_cmd_len=8192; + ;; + + bitrig* | darwin* | dragonfly* | freebsd* | netbsd* | openbsd*) + # This has been around since 386BSD, at least. Likely further. + if test -x /sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/sbin/sysctl -n kern.argmax` + elif test -x /usr/sbin/sysctl; then + lt_cv_sys_max_cmd_len=`/usr/sbin/sysctl -n kern.argmax` + else + lt_cv_sys_max_cmd_len=65536 # usable default for all BSDs + fi + # And add a safety zone + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + ;; + + interix*) + # We know the value 262144 and hardcode it with a safety zone (like BSD) + lt_cv_sys_max_cmd_len=196608 + ;; + + os2*) + # The test takes a long time on OS/2. + lt_cv_sys_max_cmd_len=8192 + ;; + + osf*) + # Dr. Hans Ekkehard Plesser reports seeing a kernel panic running configure + # due to this test when exec_disable_arg_limit is 1 on Tru64. It is not + # nice to cause kernel panics so lets avoid the loop below. + # First set a reasonable default. + lt_cv_sys_max_cmd_len=16384 + # + if test -x /sbin/sysconfig; then + case `/sbin/sysconfig -q proc exec_disable_arg_limit` in + *1*) lt_cv_sys_max_cmd_len=-1 ;; + esac + fi + ;; + sco3.2v5*) + lt_cv_sys_max_cmd_len=102400 + ;; + sysv5* | sco5v6* | sysv4.2uw2*) + kargmax=`grep ARG_MAX /etc/conf/cf.d/stune 2>/dev/null` + if test -n "$kargmax"; then + lt_cv_sys_max_cmd_len=`echo $kargmax | sed 's/.*[ ]//'` + else + lt_cv_sys_max_cmd_len=32768 + fi + ;; + *) + lt_cv_sys_max_cmd_len=`(getconf ARG_MAX) 2> /dev/null` + if test -n "$lt_cv_sys_max_cmd_len" && \ + test undefined != "$lt_cv_sys_max_cmd_len"; then + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 4` + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \* 3` + else + # Make teststring a little bigger before we do anything with it. + # a 1K string should be a reasonable start. + for i in 1 2 3 4 5 6 7 8; do + teststring=$teststring$teststring + done + SHELL=${SHELL-${CONFIG_SHELL-/bin/sh}} + # If test is not a shell built-in, we'll probably end up computing a + # maximum length that is only half of the actual maximum length, but + # we can't tell. + while { test X`env echo "$teststring$teststring" 2>/dev/null` \ + = "X$teststring$teststring"; } >/dev/null 2>&1 && + test 17 != "$i" # 1/2 MB should be enough + do + i=`expr $i + 1` + teststring=$teststring$teststring + done + # Only check the string length outside the loop. + lt_cv_sys_max_cmd_len=`expr "X$teststring" : ".*" 2>&1` + teststring= + # Add a significant safety factor because C++ compilers can tack on + # massive amounts of additional arguments before passing them to the + # linker. It appears as though 1/2 is a usable value. + lt_cv_sys_max_cmd_len=`expr $lt_cv_sys_max_cmd_len \/ 2` + fi + ;; + esac + +fi + +if test -n "$lt_cv_sys_max_cmd_len"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sys_max_cmd_len" >&5 +$as_echo "$lt_cv_sys_max_cmd_len" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: none" >&5 +$as_echo "none" >&6; } +fi +max_cmd_len=$lt_cv_sys_max_cmd_len + + + + + + +: ${CP="cp -f"} +: ${MV="mv -f"} +: ${RM="rm -f"} + +if ( (MAIL=60; unset MAIL) || exit) >/dev/null 2>&1; then + lt_unset=unset +else + lt_unset=false +fi + + + + + +# test EBCDIC or ASCII +case `echo X|tr X '\101'` in + A) # ASCII based system + # \n is not interpreted correctly by Solaris 8 /usr/ucb/tr + lt_SP2NL='tr \040 \012' + lt_NL2SP='tr \015\012 \040\040' + ;; + *) # EBCDIC based system + lt_SP2NL='tr \100 \n' + lt_NL2SP='tr \r\n \100\100' + ;; +esac + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to $host format" >&5 +$as_echo_n "checking how to convert $build file names to $host format... " >&6; } +if ${lt_cv_to_host_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_w32 + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_cygwin_to_w32 + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_w32 + ;; + esac + ;; + *-*-cygwin* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_host_file_cmd=func_convert_file_msys_to_cygwin + ;; + *-*-cygwin* ) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; + * ) # otherwise, assume *nix + lt_cv_to_host_file_cmd=func_convert_file_nix_to_cygwin + ;; + esac + ;; + * ) # unhandled hosts (and "normal" native builds) + lt_cv_to_host_file_cmd=func_convert_file_noop + ;; +esac + +fi + +to_host_file_cmd=$lt_cv_to_host_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_host_file_cmd" >&5 +$as_echo "$lt_cv_to_host_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to convert $build file names to toolchain format" >&5 +$as_echo_n "checking how to convert $build file names to toolchain format... " >&6; } +if ${lt_cv_to_tool_file_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + #assume ordinary cross tools, or native build. +lt_cv_to_tool_file_cmd=func_convert_file_noop +case $host in + *-*-mingw* ) + case $build in + *-*-mingw* ) # actually msys + lt_cv_to_tool_file_cmd=func_convert_file_msys_to_w32 + ;; + esac + ;; +esac + +fi + +to_tool_file_cmd=$lt_cv_to_tool_file_cmd +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_to_tool_file_cmd" >&5 +$as_echo "$lt_cv_to_tool_file_cmd" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $LD option to reload object files" >&5 +$as_echo_n "checking for $LD option to reload object files... " >&6; } +if ${lt_cv_ld_reload_flag+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_reload_flag='-r' +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_reload_flag" >&5 +$as_echo "$lt_cv_ld_reload_flag" >&6; } +reload_flag=$lt_cv_ld_reload_flag +case $reload_flag in +"" | " "*) ;; +*) reload_flag=" $reload_flag" ;; +esac +reload_cmds='$LD$reload_flag -o $output$reload_objs' +case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + if test yes != "$GCC"; then + reload_cmds=false + fi + ;; + darwin*) + if test yes = "$GCC"; then + reload_cmds='$LTCC $LTCFLAGS -nostdlib $wl-r -o $output$reload_objs' + else + reload_cmds='$LD$reload_flag -o $output$reload_objs' + fi + ;; +esac + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}objdump", so it can be a program name with args. +set dummy ${ac_tool_prefix}objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OBJDUMP"; then + ac_cv_prog_OBJDUMP="$OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OBJDUMP="${ac_tool_prefix}objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OBJDUMP=$ac_cv_prog_OBJDUMP +if test -n "$OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OBJDUMP" >&5 +$as_echo "$OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OBJDUMP"; then + ac_ct_OBJDUMP=$OBJDUMP + # Extract the first word of "objdump", so it can be a program name with args. +set dummy objdump; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OBJDUMP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OBJDUMP"; then + ac_cv_prog_ac_ct_OBJDUMP="$ac_ct_OBJDUMP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OBJDUMP="objdump" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OBJDUMP=$ac_cv_prog_ac_ct_OBJDUMP +if test -n "$ac_ct_OBJDUMP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OBJDUMP" >&5 +$as_echo "$ac_ct_OBJDUMP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OBJDUMP" = x; then + OBJDUMP="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OBJDUMP=$ac_ct_OBJDUMP + fi +else + OBJDUMP="$ac_cv_prog_OBJDUMP" +fi + +test -z "$OBJDUMP" && OBJDUMP=objdump + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to recognize dependent libraries" >&5 +$as_echo_n "checking how to recognize dependent libraries... " >&6; } +if ${lt_cv_deplibs_check_method+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_file_magic_cmd='$MAGIC_CMD' +lt_cv_file_magic_test_file= +lt_cv_deplibs_check_method='unknown' +# Need to set the preceding variable on all platforms that support +# interlibrary dependencies. +# 'none' -- dependencies not supported. +# 'unknown' -- same as none, but documents that we really don't know. +# 'pass_all' -- all dependencies passed with no checks. +# 'test_compile' -- check by making test program. +# 'file_magic [[regex]]' -- check by looking for files in library path +# that responds to the $file_magic_cmd with a given extended regex. +# If you have 'file' or equivalent on your system and you're not sure +# whether 'pass_all' will *always* work, you probably want this one. + +case $host_os in +aix[4-9]*) + lt_cv_deplibs_check_method=pass_all + ;; + +beos*) + lt_cv_deplibs_check_method=pass_all + ;; + +bsdi[45]*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib)' + lt_cv_file_magic_cmd='/usr/bin/file -L' + lt_cv_file_magic_test_file=/shlib/libc.so + ;; + +cygwin*) + # func_win32_libid is a shell function defined in ltmain.sh + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + ;; + +mingw* | pw32*) + # Base MSYS/MinGW do not provide the 'file' command needed by + # func_win32_libid shell function, so use a weaker test based on 'objdump', + # unless we find 'file', for example because we are cross-compiling. + if ( file / ) >/dev/null 2>&1; then + lt_cv_deplibs_check_method='file_magic ^x86 archive import|^x86 DLL' + lt_cv_file_magic_cmd='func_win32_libid' + else + # Keep this pattern in sync with the one in func_win32_libid. + lt_cv_deplibs_check_method='file_magic file format (pei*-i386(.*architecture: i386)?|pe-arm-wince|pe-x86-64)' + lt_cv_file_magic_cmd='$OBJDUMP -f' + fi + ;; + +cegcc*) + # use the weaker test based on 'objdump'. See mingw*. + lt_cv_deplibs_check_method='file_magic file format pe-arm-.*little(.*architecture: arm)?' + lt_cv_file_magic_cmd='$OBJDUMP -f' + ;; + +darwin* | rhapsody*) + lt_cv_deplibs_check_method=pass_all + ;; + +freebsd* | dragonfly*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + case $host_cpu in + i*86 ) + # Not sure whether the presence of OpenBSD here was a mistake. + # Let's accept both of them until this is cleared up. + lt_cv_deplibs_check_method='file_magic (FreeBSD|OpenBSD|DragonFly)/i[3-9]86 (compact )?demand paged shared library' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so.*` + ;; + esac + else + lt_cv_deplibs_check_method=pass_all + fi + ;; + +haiku*) + lt_cv_deplibs_check_method=pass_all + ;; + +hpux10.20* | hpux11*) + lt_cv_file_magic_cmd=/usr/bin/file + case $host_cpu in + ia64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF-[0-9][0-9]) shared object file - IA64' + lt_cv_file_magic_test_file=/usr/lib/hpux32/libc.so + ;; + hppa*64*) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|ELF[ -][0-9][0-9])(-bit)?( [LM]SB)? shared object( file)?[, -]* PA-RISC [0-9]\.[0-9]' + lt_cv_file_magic_test_file=/usr/lib/pa20_64/libc.sl + ;; + *) + lt_cv_deplibs_check_method='file_magic (s[0-9][0-9][0-9]|PA-RISC[0-9]\.[0-9]) shared library' + lt_cv_file_magic_test_file=/usr/lib/libc.sl + ;; + esac + ;; + +interix[3-9]*) + # PIC code is broken on Interix 3.x, that's why |\.a not |_pic\.a here + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|\.a)$' + ;; + +irix5* | irix6* | nonstopux*) + case $LD in + *-32|*"-32 ") libmagic=32-bit;; + *-n32|*"-n32 ") libmagic=N32;; + *-64|*"-64 ") libmagic=64-bit;; + *) libmagic=never-match;; + esac + lt_cv_deplibs_check_method=pass_all + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + lt_cv_deplibs_check_method=pass_all + ;; + +netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ > /dev/null; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so|_pic\.a)$' + fi + ;; + +newos6*) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (executable|dynamic lib)' + lt_cv_file_magic_cmd=/usr/bin/file + lt_cv_file_magic_test_file=/usr/lib/libnls.so + ;; + +*nto* | *qnx*) + lt_cv_deplibs_check_method=pass_all + ;; + +openbsd* | bitrig*) + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|\.so|_pic\.a)$' + else + lt_cv_deplibs_check_method='match_pattern /lib[^/]+(\.so\.[0-9]+\.[0-9]+|_pic\.a)$' + fi + ;; + +osf3* | osf4* | osf5*) + lt_cv_deplibs_check_method=pass_all + ;; + +rdos*) + lt_cv_deplibs_check_method=pass_all + ;; + +solaris*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + lt_cv_deplibs_check_method=pass_all + ;; + +sysv4 | sysv4.3*) + case $host_vendor in + motorola) + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [ML]SB (shared object|dynamic lib) M[0-9][0-9]* Version [0-9]' + lt_cv_file_magic_test_file=`echo /usr/lib/libc.so*` + ;; + ncr) + lt_cv_deplibs_check_method=pass_all + ;; + sequent) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method='file_magic ELF [0-9][0-9]*-bit [LM]SB (shared object|dynamic lib )' + ;; + sni) + lt_cv_file_magic_cmd='/bin/file' + lt_cv_deplibs_check_method="file_magic ELF [0-9][0-9]*-bit [LM]SB dynamic lib" + lt_cv_file_magic_test_file=/lib/libc.so + ;; + siemens) + lt_cv_deplibs_check_method=pass_all + ;; + pc) + lt_cv_deplibs_check_method=pass_all + ;; + esac + ;; + +tpf*) + lt_cv_deplibs_check_method=pass_all + ;; +os2*) + lt_cv_deplibs_check_method=pass_all + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_deplibs_check_method" >&5 +$as_echo "$lt_cv_deplibs_check_method" >&6; } + +file_magic_glob= +want_nocaseglob=no +if test "$build" = "$host"; then + case $host_os in + mingw* | pw32*) + if ( shopt | grep nocaseglob ) >/dev/null 2>&1; then + want_nocaseglob=yes + else + file_magic_glob=`echo aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQrRsStTuUvVwWxXyYzZ | $SED -e "s/\(..\)/s\/[\1]\/[\1]\/g;/g"` + fi + ;; + esac +fi + +file_magic_cmd=$lt_cv_file_magic_cmd +deplibs_check_method=$lt_cv_deplibs_check_method +test -z "$deplibs_check_method" && deplibs_check_method=unknown + + + + + + + + + + + + + + + + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dlltool", so it can be a program name with args. +set dummy ${ac_tool_prefix}dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DLLTOOL"; then + ac_cv_prog_DLLTOOL="$DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DLLTOOL="${ac_tool_prefix}dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DLLTOOL=$ac_cv_prog_DLLTOOL +if test -n "$DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DLLTOOL" >&5 +$as_echo "$DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DLLTOOL"; then + ac_ct_DLLTOOL=$DLLTOOL + # Extract the first word of "dlltool", so it can be a program name with args. +set dummy dlltool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DLLTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DLLTOOL"; then + ac_cv_prog_ac_ct_DLLTOOL="$ac_ct_DLLTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DLLTOOL="dlltool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DLLTOOL=$ac_cv_prog_ac_ct_DLLTOOL +if test -n "$ac_ct_DLLTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DLLTOOL" >&5 +$as_echo "$ac_ct_DLLTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DLLTOOL" = x; then + DLLTOOL="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DLLTOOL=$ac_ct_DLLTOOL + fi +else + DLLTOOL="$ac_cv_prog_DLLTOOL" +fi + +test -z "$DLLTOOL" && DLLTOOL=dlltool + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to associate runtime and link libraries" >&5 +$as_echo_n "checking how to associate runtime and link libraries... " >&6; } +if ${lt_cv_sharedlib_from_linklib_cmd+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_sharedlib_from_linklib_cmd='unknown' + +case $host_os in +cygwin* | mingw* | pw32* | cegcc*) + # two different shell functions defined in ltmain.sh; + # decide which one to use based on capabilities of $DLLTOOL + case `$DLLTOOL --help 2>&1` in + *--identify-strict*) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib + ;; + *) + lt_cv_sharedlib_from_linklib_cmd=func_cygming_dll_for_implib_fallback + ;; + esac + ;; +*) + # fallback: assume linklib IS sharedlib + lt_cv_sharedlib_from_linklib_cmd=$ECHO + ;; +esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_sharedlib_from_linklib_cmd" >&5 +$as_echo "$lt_cv_sharedlib_from_linklib_cmd" >&6; } +sharedlib_from_linklib_cmd=$lt_cv_sharedlib_from_linklib_cmd +test -z "$sharedlib_from_linklib_cmd" && sharedlib_from_linklib_cmd=$ECHO + + + + + + + +if test -n "$ac_tool_prefix"; then + for ac_prog in ar + do + # Extract the first word of "$ac_tool_prefix$ac_prog", so it can be a program name with args. +set dummy $ac_tool_prefix$ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$AR"; then + ac_cv_prog_AR="$AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_AR="$ac_tool_prefix$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +AR=$ac_cv_prog_AR +if test -n "$AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $AR" >&5 +$as_echo "$AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$AR" && break + done +fi +if test -z "$AR"; then + ac_ct_AR=$AR + for ac_prog in ar +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_AR+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_AR"; then + ac_cv_prog_ac_ct_AR="$ac_ct_AR" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_AR="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_AR=$ac_cv_prog_ac_ct_AR +if test -n "$ac_ct_AR"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_AR" >&5 +$as_echo "$ac_ct_AR" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$ac_ct_AR" && break +done + + if test "x$ac_ct_AR" = x; then + AR="false" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + AR=$ac_ct_AR + fi +fi + +: ${AR=ar} +: ${AR_FLAGS=cru} + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for archiver @FILE support" >&5 +$as_echo_n "checking for archiver @FILE support... " >&6; } +if ${lt_cv_ar_at_file+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ar_at_file=no + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + echo conftest.$ac_objext > conftest.lst + lt_ar_try='$AR $AR_FLAGS libconftest.a @conftest.lst >&5' + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -eq "$ac_status"; then + # Ensure the archiver fails upon bogus file names. + rm -f conftest.$ac_objext libconftest.a + { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$lt_ar_try\""; } >&5 + (eval $lt_ar_try) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + if test 0 -ne "$ac_status"; then + lt_cv_ar_at_file=@ + fi + fi + rm -f conftest.* libconftest.a + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ar_at_file" >&5 +$as_echo "$lt_cv_ar_at_file" >&6; } + +if test no = "$lt_cv_ar_at_file"; then + archiver_list_spec= +else + archiver_list_spec=$lt_cv_ar_at_file +fi + + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}strip", so it can be a program name with args. +set dummy ${ac_tool_prefix}strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$STRIP"; then + ac_cv_prog_STRIP="$STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_STRIP="${ac_tool_prefix}strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +STRIP=$ac_cv_prog_STRIP +if test -n "$STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $STRIP" >&5 +$as_echo "$STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_STRIP"; then + ac_ct_STRIP=$STRIP + # Extract the first word of "strip", so it can be a program name with args. +set dummy strip; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_STRIP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_STRIP"; then + ac_cv_prog_ac_ct_STRIP="$ac_ct_STRIP" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_STRIP="strip" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_STRIP=$ac_cv_prog_ac_ct_STRIP +if test -n "$ac_ct_STRIP"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_STRIP" >&5 +$as_echo "$ac_ct_STRIP" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_STRIP" = x; then + STRIP=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + STRIP=$ac_ct_STRIP + fi +else + STRIP="$ac_cv_prog_STRIP" +fi + +test -z "$STRIP" && STRIP=: + + + + + + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}ranlib", so it can be a program name with args. +set dummy ${ac_tool_prefix}ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RANLIB"; then + ac_cv_prog_RANLIB="$RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RANLIB="${ac_tool_prefix}ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RANLIB=$ac_cv_prog_RANLIB +if test -n "$RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RANLIB" >&5 +$as_echo "$RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_RANLIB"; then + ac_ct_RANLIB=$RANLIB + # Extract the first word of "ranlib", so it can be a program name with args. +set dummy ranlib; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_RANLIB+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_RANLIB"; then + ac_cv_prog_ac_ct_RANLIB="$ac_ct_RANLIB" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_RANLIB="ranlib" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_RANLIB=$ac_cv_prog_ac_ct_RANLIB +if test -n "$ac_ct_RANLIB"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_RANLIB" >&5 +$as_echo "$ac_ct_RANLIB" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_RANLIB" = x; then + RANLIB=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + RANLIB=$ac_ct_RANLIB + fi +else + RANLIB="$ac_cv_prog_RANLIB" +fi + +test -z "$RANLIB" && RANLIB=: + + + + + + +# Determine commands to create old-style static archives. +old_archive_cmds='$AR $AR_FLAGS $oldlib$oldobjs' +old_postinstall_cmds='chmod 644 $oldlib' +old_postuninstall_cmds= + +if test -n "$RANLIB"; then + case $host_os in + bitrig* | openbsd*) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB -t \$tool_oldlib" + ;; + *) + old_postinstall_cmds="$old_postinstall_cmds~\$RANLIB \$tool_oldlib" + ;; + esac + old_archive_cmds="$old_archive_cmds~\$RANLIB \$tool_oldlib" +fi + +case $host_os in + darwin*) + lock_old_archive_extraction=yes ;; + *) + lock_old_archive_extraction=no ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + +# Check for command to grab the raw symbol name followed by C symbol from nm. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking command to parse $NM output from $compiler object" >&5 +$as_echo_n "checking command to parse $NM output from $compiler object... " >&6; } +if ${lt_cv_sys_global_symbol_pipe+:} false; then : + $as_echo_n "(cached) " >&6 +else + +# These are sane defaults that work on at least a few old systems. +# [They come from Ultrix. What could be older than Ultrix?!! ;)] + +# Character class describing NM global symbol codes. +symcode='[BCDEGRST]' + +# Regexp to match symbols that can be accessed directly from C. +sympat='\([_A-Za-z][_A-Za-z0-9]*\)' + +# Define system-specific variables. +case $host_os in +aix*) + symcode='[BCDT]' + ;; +cygwin* | mingw* | pw32* | cegcc*) + symcode='[ABCDGISTW]' + ;; +hpux*) + if test ia64 = "$host_cpu"; then + symcode='[ABCDEGRST]' + fi + ;; +irix* | nonstopux*) + symcode='[BCDEGRST]' + ;; +osf*) + symcode='[BCDEGQRST]' + ;; +solaris*) + symcode='[BDRT]' + ;; +sco3.2v5*) + symcode='[DT]' + ;; +sysv4.2uw2*) + symcode='[DT]' + ;; +sysv5* | sco5v6* | unixware* | OpenUNIX*) + symcode='[ABDT]' + ;; +sysv4) + symcode='[DFNSTU]' + ;; +esac + +# If we're using GNU nm, then use its standard symbol codes. +case `$NM -V 2>&1` in +*GNU* | *'with BFD'*) + symcode='[ABCDGIRSTW]' ;; +esac + +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Gets list of data symbols to import. + lt_cv_sys_global_symbol_to_import="sed -n -e 's/^I .* \(.*\)$/\1/p'" + # Adjust the below global symbol transforms to fixup imported variables. + lt_cdecl_hook=" -e 's/^I .* \(.*\)$/extern __declspec(dllimport) char \1;/p'" + lt_c_name_hook=" -e 's/^I .* \(.*\)$/ {\"\1\", (void *) 0},/p'" + lt_c_name_lib_hook="\ + -e 's/^I .* \(lib.*\)$/ {\"\1\", (void *) 0},/p'\ + -e 's/^I .* \(.*\)$/ {\"lib\1\", (void *) 0},/p'" +else + # Disable hooks by default. + lt_cv_sys_global_symbol_to_import= + lt_cdecl_hook= + lt_c_name_hook= + lt_c_name_lib_hook= +fi + +# Transform an extracted symbol line into a proper C declaration. +# Some systems (esp. on ia64) link data and code symbols differently, +# so use this general approach. +lt_cv_sys_global_symbol_to_cdecl="sed -n"\ +$lt_cdecl_hook\ +" -e 's/^T .* \(.*\)$/extern int \1();/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/extern char \1;/p'" + +# Transform an extracted symbol line into symbol name and symbol address +lt_cv_sys_global_symbol_to_c_name_address="sed -n"\ +$lt_c_name_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/p'" + +# Transform an extracted symbol line into symbol name with lib prefix and +# symbol address. +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix="sed -n"\ +$lt_c_name_lib_hook\ +" -e 's/^: \(.*\) .*$/ {\"\1\", (void *) 0},/p'"\ +" -e 's/^$symcode$symcode* .* \(lib.*\)$/ {\"\1\", (void *) \&\1},/p'"\ +" -e 's/^$symcode$symcode* .* \(.*\)$/ {\"lib\1\", (void *) \&\1},/p'" + +# Handle CRLF in mingw tool chain +opt_cr= +case $build_os in +mingw*) + opt_cr=`$ECHO 'x\{0,1\}' | tr x '\015'` # option cr in regexp + ;; +esac + +# Try without a prefix underscore, then with it. +for ac_symprfx in "" "_"; do + + # Transform symcode, sympat, and symprfx into a raw symbol and a C symbol. + symxfrm="\\1 $ac_symprfx\\2 \\2" + + # Write the raw and C identifiers. + if test "$lt_cv_nm_interface" = "MS dumpbin"; then + # Fake it for dumpbin and say T for any non-static function, + # D for any global variable and I for any imported variable. + # Also find C++ and __fastcall symbols from MSVC++, + # which start with @ or ?. + lt_cv_sys_global_symbol_pipe="$AWK '"\ +" {last_section=section; section=\$ 3};"\ +" /^COFF SYMBOL TABLE/{for(i in hide) delete hide[i]};"\ +" /Section length .*#relocs.*(pick any)/{hide[last_section]=1};"\ +" /^ *Symbol name *: /{split(\$ 0,sn,\":\"); si=substr(sn[2],2)};"\ +" /^ *Type *: code/{print \"T\",si,substr(si,length(prfx))};"\ +" /^ *Type *: data/{print \"I\",si,substr(si,length(prfx))};"\ +" \$ 0!~/External *\|/{next};"\ +" / 0+ UNDEF /{next}; / UNDEF \([^|]\)*()/{next};"\ +" {if(hide[section]) next};"\ +" {f=\"D\"}; \$ 0~/\(\).*\|/{f=\"T\"};"\ +" {split(\$ 0,a,/\||\r/); split(a[2],s)};"\ +" s[1]~/^[@?]/{print f,s[1],s[1]; next};"\ +" s[1]~prfx {split(s[1],t,\"@\"); print f,t[1],substr(t[1],length(prfx))}"\ +" ' prfx=^$ac_symprfx" + else + lt_cv_sys_global_symbol_pipe="sed -n -e 's/^.*[ ]\($symcode$symcode*\)[ ][ ]*$ac_symprfx$sympat$opt_cr$/$symxfrm/p'" + fi + lt_cv_sys_global_symbol_pipe="$lt_cv_sys_global_symbol_pipe | sed '/ __gnu_lto/d'" + + # Check to see that the pipe works correctly. + pipe_works=no + + rm -f conftest* + cat > conftest.$ac_ext <<_LT_EOF +#ifdef __cplusplus +extern "C" { +#endif +char nm_test_var; +void nm_test_func(void); +void nm_test_func(void){} +#ifdef __cplusplus +} +#endif +int main(){nm_test_var='a';nm_test_func();return(0);} +_LT_EOF + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Now try to grab the symbols. + nlist=conftest.nm + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist\""; } >&5 + (eval $NM conftest.$ac_objext \| "$lt_cv_sys_global_symbol_pipe" \> $nlist) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "$nlist"; then + # Try sorting and uniquifying the output. + if sort "$nlist" | uniq > "$nlist"T; then + mv -f "$nlist"T "$nlist" + else + rm -f "$nlist"T + fi + + # Make sure that we snagged all the symbols we need. + if $GREP ' nm_test_var$' "$nlist" >/dev/null; then + if $GREP ' nm_test_func$' "$nlist" >/dev/null; then + cat <<_LT_EOF > conftest.$ac_ext +/* Keep this code in sync between libtool.m4, ltmain, lt_system.h, and tests. */ +#if defined _WIN32 || defined __CYGWIN__ || defined _WIN32_WCE +/* DATA imports from DLLs on WIN32 can't be const, because runtime + relocations are performed -- see ld's documentation on pseudo-relocs. */ +# define LT_DLSYM_CONST +#elif defined __osf__ +/* This system does not cope well with relocations in const data. */ +# define LT_DLSYM_CONST +#else +# define LT_DLSYM_CONST const +#endif + +#ifdef __cplusplus +extern "C" { +#endif + +_LT_EOF + # Now generate the symbol file. + eval "$lt_cv_sys_global_symbol_to_cdecl"' < "$nlist" | $GREP -v main >> conftest.$ac_ext' + + cat <<_LT_EOF >> conftest.$ac_ext + +/* The mapping between symbol names and symbols. */ +LT_DLSYM_CONST struct { + const char *name; + void *address; +} +lt__PROGRAM__LTX_preloaded_symbols[] = +{ + { "@PROGRAM@", (void *) 0 }, +_LT_EOF + $SED "s/^$symcode$symcode* .* \(.*\)$/ {\"\1\", (void *) \&\1},/" < "$nlist" | $GREP -v main >> conftest.$ac_ext + cat <<\_LT_EOF >> conftest.$ac_ext + {0, (void *) 0} +}; + +/* This works around a problem in FreeBSD linker */ +#ifdef FREEBSD_WORKAROUND +static const void *lt_preloaded_setup() { + return lt__PROGRAM__LTX_preloaded_symbols; +} +#endif + +#ifdef __cplusplus +} +#endif +_LT_EOF + # Now try linking the two files. + mv conftest.$ac_objext conftstm.$ac_objext + lt_globsym_save_LIBS=$LIBS + lt_globsym_save_CFLAGS=$CFLAGS + LIBS=conftstm.$ac_objext + CFLAGS="$CFLAGS$lt_prog_compiler_no_builtin_flag" + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s conftest$ac_exeext; then + pipe_works=yes + fi + LIBS=$lt_globsym_save_LIBS + CFLAGS=$lt_globsym_save_CFLAGS + else + echo "cannot find nm_test_func in $nlist" >&5 + fi + else + echo "cannot find nm_test_var in $nlist" >&5 + fi + else + echo "cannot run $lt_cv_sys_global_symbol_pipe" >&5 + fi + else + echo "$progname: failed program was:" >&5 + cat conftest.$ac_ext >&5 + fi + rm -rf conftest* conftst* + + # Do not use the global_symbol_pipe unless it works. + if test yes = "$pipe_works"; then + break + else + lt_cv_sys_global_symbol_pipe= + fi +done + +fi + +if test -z "$lt_cv_sys_global_symbol_pipe"; then + lt_cv_sys_global_symbol_to_cdecl= +fi +if test -z "$lt_cv_sys_global_symbol_pipe$lt_cv_sys_global_symbol_to_cdecl"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: failed" >&5 +$as_echo "failed" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ok" >&5 +$as_echo "ok" >&6; } +fi + +# Response file support. +if test "$lt_cv_nm_interface" = "MS dumpbin"; then + nm_file_list_spec='@' +elif $NM --help 2>/dev/null | grep '[@]FILE' >/dev/null; then + nm_file_list_spec='@' +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sysroot" >&5 +$as_echo_n "checking for sysroot... " >&6; } + +# Check whether --with-sysroot was given. +if test "${with_sysroot+set}" = set; then : + withval=$with_sysroot; +else + with_sysroot=no +fi + + +lt_sysroot= +case $with_sysroot in #( + yes) + if test yes = "$GCC"; then + lt_sysroot=`$CC --print-sysroot 2>/dev/null` + fi + ;; #( + /*) + lt_sysroot=`echo "$with_sysroot" | sed -e "$sed_quote_subst"` + ;; #( + no|'') + ;; #( + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_sysroot" >&5 +$as_echo "$with_sysroot" >&6; } + as_fn_error $? "The sysroot must be an absolute path." "$LINENO" 5 + ;; +esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${lt_sysroot:-no}" >&5 +$as_echo "${lt_sysroot:-no}" >&6; } + + + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for a working dd" >&5 +$as_echo_n "checking for a working dd... " >&6; } +if ${ac_cv_path_lt_DD+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +: ${lt_DD:=$DD} +if test -z "$lt_DD"; then + ac_path_lt_DD_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in dd; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_lt_DD="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_lt_DD" || continue +if "$ac_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && ac_cv_path_lt_DD="$ac_path_lt_DD" ac_path_lt_DD_found=: +fi + $ac_path_lt_DD_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_lt_DD"; then + : + fi +else + ac_cv_path_lt_DD=$lt_DD +fi + +rm -f conftest.i conftest2.i conftest.out +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_lt_DD" >&5 +$as_echo "$ac_cv_path_lt_DD" >&6; } + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to truncate binary pipes" >&5 +$as_echo_n "checking how to truncate binary pipes... " >&6; } +if ${lt_cv_truncate_bin+:} false; then : + $as_echo_n "(cached) " >&6 +else + printf 0123456789abcdef0123456789abcdef >conftest.i +cat conftest.i conftest.i >conftest2.i +lt_cv_truncate_bin= +if "$ac_cv_path_lt_DD" bs=32 count=1 conftest.out 2>/dev/null; then + cmp -s conftest.i conftest.out \ + && lt_cv_truncate_bin="$ac_cv_path_lt_DD bs=4096 count=1" +fi +rm -f conftest.i conftest2.i conftest.out +test -z "$lt_cv_truncate_bin" && lt_cv_truncate_bin="$SED -e 4q" +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_truncate_bin" >&5 +$as_echo "$lt_cv_truncate_bin" >&6; } + + + + + + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# Check whether --enable-libtool-lock was given. +if test "${enable_libtool_lock+set}" = set; then : + enableval=$enable_libtool_lock; +fi + +test no = "$enable_libtool_lock" || enable_libtool_lock=yes + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case $host in +ia64-*-hpux*) + # Find out what ABI is being produced by ac_compile, and set mode + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.$ac_objext` in + *ELF-32*) + HPUX_IA64_MODE=32 + ;; + *ELF-64*) + HPUX_IA64_MODE=64 + ;; + esac + fi + rm -rf conftest* + ;; +*-*-irix6*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + if test yes = "$lt_cv_prog_gnu_ld"; then + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -melf32bsmip" + ;; + *N32*) + LD="${LD-ld} -melf32bmipn32" + ;; + *64-bit*) + LD="${LD-ld} -melf64bmip" + ;; + esac + else + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + fi + rm -rf conftest* + ;; + +mips64*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo '#line '$LINENO' "configure"' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + emul=elf + case `/usr/bin/file conftest.$ac_objext` in + *32-bit*) + emul="${emul}32" + ;; + *64-bit*) + emul="${emul}64" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *MSB*) + emul="${emul}btsmip" + ;; + *LSB*) + emul="${emul}ltsmip" + ;; + esac + case `/usr/bin/file conftest.$ac_objext` in + *N32*) + emul="${emul}n32" + ;; + esac + LD="${LD-ld} -m $emul" + fi + rm -rf conftest* + ;; + +x86_64-*kfreebsd*-gnu|x86_64-*linux*|powerpc*-*linux*| \ +s390*-*linux*|s390*-*tpf*|sparc*-*linux*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. Note that the listed cases only cover the + # situations where additional linker options are needed (such as when + # doing 32-bit compilation for a host where ld defaults to 64-bit, or + # vice versa); the common cases where no linker options are needed do + # not appear in the list. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *32-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_i386_fbsd" + ;; + x86_64-*linux*) + case `/usr/bin/file conftest.o` in + *x86-64*) + LD="${LD-ld} -m elf32_x86_64" + ;; + *) + LD="${LD-ld} -m elf_i386" + ;; + esac + ;; + powerpc64le-*linux*) + LD="${LD-ld} -m elf32lppclinux" + ;; + powerpc64-*linux*) + LD="${LD-ld} -m elf32ppclinux" + ;; + s390x-*linux*) + LD="${LD-ld} -m elf_s390" + ;; + sparc64-*linux*) + LD="${LD-ld} -m elf32_sparc" + ;; + esac + ;; + *64-bit*) + case $host in + x86_64-*kfreebsd*-gnu) + LD="${LD-ld} -m elf_x86_64_fbsd" + ;; + x86_64-*linux*) + LD="${LD-ld} -m elf_x86_64" + ;; + powerpcle-*linux*) + LD="${LD-ld} -m elf64lppc" + ;; + powerpc-*linux*) + LD="${LD-ld} -m elf64ppc" + ;; + s390*-*linux*|s390*-*tpf*) + LD="${LD-ld} -m elf64_s390" + ;; + sparc*-*linux*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS=$CFLAGS + CFLAGS="$CFLAGS -belf" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the C compiler needs -belf" >&5 +$as_echo_n "checking whether the C compiler needs -belf... " >&6; } +if ${lt_cv_cc_needs_belf+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_cc_needs_belf=yes +else + lt_cv_cc_needs_belf=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_cc_needs_belf" >&5 +$as_echo "$lt_cv_cc_needs_belf" >&6; } + if test yes != "$lt_cv_cc_needs_belf"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS=$SAVE_CFLAGS + fi + ;; +*-*solaris*) + # Find out what ABI is being produced by ac_compile, and set linker + # options accordingly. + echo 'int i;' > conftest.$ac_ext + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + case `/usr/bin/file conftest.o` in + *64-bit*) + case $lt_cv_prog_gnu_ld in + yes*) + case $host in + i?86-*-solaris*|x86_64-*-solaris*) + LD="${LD-ld} -m elf_x86_64" + ;; + sparc*-*-solaris*) + LD="${LD-ld} -m elf64_sparc" + ;; + esac + # GNU ld 2.21 introduced _sol2 emulations. Use them if available. + if ${LD-ld} -V | grep _sol2 >/dev/null 2>&1; then + LD=${LD-ld}_sol2 + fi + ;; + *) + if ${LD-ld} -64 -r -o conftest2.o conftest.o >/dev/null 2>&1; then + LD="${LD-ld} -64" + fi + ;; + esac + ;; + esac + fi + rm -rf conftest* + ;; +esac + +need_locks=$enable_libtool_lock + +if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}mt", so it can be a program name with args. +set dummy ${ac_tool_prefix}mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$MANIFEST_TOOL"; then + ac_cv_prog_MANIFEST_TOOL="$MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_MANIFEST_TOOL="${ac_tool_prefix}mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +MANIFEST_TOOL=$ac_cv_prog_MANIFEST_TOOL +if test -n "$MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MANIFEST_TOOL" >&5 +$as_echo "$MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_MANIFEST_TOOL"; then + ac_ct_MANIFEST_TOOL=$MANIFEST_TOOL + # Extract the first word of "mt", so it can be a program name with args. +set dummy mt; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_MANIFEST_TOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_MANIFEST_TOOL"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="$ac_ct_MANIFEST_TOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_MANIFEST_TOOL="mt" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_MANIFEST_TOOL=$ac_cv_prog_ac_ct_MANIFEST_TOOL +if test -n "$ac_ct_MANIFEST_TOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_MANIFEST_TOOL" >&5 +$as_echo "$ac_ct_MANIFEST_TOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_MANIFEST_TOOL" = x; then + MANIFEST_TOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + MANIFEST_TOOL=$ac_ct_MANIFEST_TOOL + fi +else + MANIFEST_TOOL="$ac_cv_prog_MANIFEST_TOOL" +fi + +test -z "$MANIFEST_TOOL" && MANIFEST_TOOL=mt +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $MANIFEST_TOOL is a manifest tool" >&5 +$as_echo_n "checking if $MANIFEST_TOOL is a manifest tool... " >&6; } +if ${lt_cv_path_mainfest_tool+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_path_mainfest_tool=no + echo "$as_me:$LINENO: $MANIFEST_TOOL '-?'" >&5 + $MANIFEST_TOOL '-?' 2>conftest.err > conftest.out + cat conftest.err >&5 + if $GREP 'Manifest Tool' conftest.out > /dev/null; then + lt_cv_path_mainfest_tool=yes + fi + rm -f conftest* +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_path_mainfest_tool" >&5 +$as_echo "$lt_cv_path_mainfest_tool" >&6; } +if test yes != "$lt_cv_path_mainfest_tool"; then + MANIFEST_TOOL=: +fi + + + + + + + case $host_os in + rhapsody* | darwin*) + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}dsymutil", so it can be a program name with args. +set dummy ${ac_tool_prefix}dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$DSYMUTIL"; then + ac_cv_prog_DSYMUTIL="$DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_DSYMUTIL="${ac_tool_prefix}dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +DSYMUTIL=$ac_cv_prog_DSYMUTIL +if test -n "$DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $DSYMUTIL" >&5 +$as_echo "$DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_DSYMUTIL"; then + ac_ct_DSYMUTIL=$DSYMUTIL + # Extract the first word of "dsymutil", so it can be a program name with args. +set dummy dsymutil; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_DSYMUTIL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_DSYMUTIL"; then + ac_cv_prog_ac_ct_DSYMUTIL="$ac_ct_DSYMUTIL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_DSYMUTIL="dsymutil" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_DSYMUTIL=$ac_cv_prog_ac_ct_DSYMUTIL +if test -n "$ac_ct_DSYMUTIL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_DSYMUTIL" >&5 +$as_echo "$ac_ct_DSYMUTIL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_DSYMUTIL" = x; then + DSYMUTIL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + DSYMUTIL=$ac_ct_DSYMUTIL + fi +else + DSYMUTIL="$ac_cv_prog_DSYMUTIL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}nmedit", so it can be a program name with args. +set dummy ${ac_tool_prefix}nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NMEDIT"; then + ac_cv_prog_NMEDIT="$NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_NMEDIT="${ac_tool_prefix}nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NMEDIT=$ac_cv_prog_NMEDIT +if test -n "$NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NMEDIT" >&5 +$as_echo "$NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_NMEDIT"; then + ac_ct_NMEDIT=$NMEDIT + # Extract the first word of "nmedit", so it can be a program name with args. +set dummy nmedit; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_NMEDIT+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_NMEDIT"; then + ac_cv_prog_ac_ct_NMEDIT="$ac_ct_NMEDIT" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_NMEDIT="nmedit" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_NMEDIT=$ac_cv_prog_ac_ct_NMEDIT +if test -n "$ac_ct_NMEDIT"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_NMEDIT" >&5 +$as_echo "$ac_ct_NMEDIT" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_NMEDIT" = x; then + NMEDIT=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + NMEDIT=$ac_ct_NMEDIT + fi +else + NMEDIT="$ac_cv_prog_NMEDIT" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}lipo", so it can be a program name with args. +set dummy ${ac_tool_prefix}lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$LIPO"; then + ac_cv_prog_LIPO="$LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_LIPO="${ac_tool_prefix}lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +LIPO=$ac_cv_prog_LIPO +if test -n "$LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LIPO" >&5 +$as_echo "$LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_LIPO"; then + ac_ct_LIPO=$LIPO + # Extract the first word of "lipo", so it can be a program name with args. +set dummy lipo; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_LIPO+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_LIPO"; then + ac_cv_prog_ac_ct_LIPO="$ac_ct_LIPO" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_LIPO="lipo" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_LIPO=$ac_cv_prog_ac_ct_LIPO +if test -n "$ac_ct_LIPO"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_LIPO" >&5 +$as_echo "$ac_ct_LIPO" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_LIPO" = x; then + LIPO=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + LIPO=$ac_ct_LIPO + fi +else + LIPO="$ac_cv_prog_LIPO" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL"; then + ac_cv_prog_OTOOL="$OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL="${ac_tool_prefix}otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL=$ac_cv_prog_OTOOL +if test -n "$OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL" >&5 +$as_echo "$OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL"; then + ac_ct_OTOOL=$OTOOL + # Extract the first word of "otool", so it can be a program name with args. +set dummy otool; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL"; then + ac_cv_prog_ac_ct_OTOOL="$ac_ct_OTOOL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL="otool" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL=$ac_cv_prog_ac_ct_OTOOL +if test -n "$ac_ct_OTOOL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL" >&5 +$as_echo "$ac_ct_OTOOL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL" = x; then + OTOOL=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL=$ac_ct_OTOOL + fi +else + OTOOL="$ac_cv_prog_OTOOL" +fi + + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}otool64", so it can be a program name with args. +set dummy ${ac_tool_prefix}otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$OTOOL64"; then + ac_cv_prog_OTOOL64="$OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_OTOOL64="${ac_tool_prefix}otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +OTOOL64=$ac_cv_prog_OTOOL64 +if test -n "$OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $OTOOL64" >&5 +$as_echo "$OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_OTOOL64"; then + ac_ct_OTOOL64=$OTOOL64 + # Extract the first word of "otool64", so it can be a program name with args. +set dummy otool64; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_OTOOL64+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_OTOOL64"; then + ac_cv_prog_ac_ct_OTOOL64="$ac_ct_OTOOL64" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_OTOOL64="otool64" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_OTOOL64=$ac_cv_prog_ac_ct_OTOOL64 +if test -n "$ac_ct_OTOOL64"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_OTOOL64" >&5 +$as_echo "$ac_ct_OTOOL64" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_OTOOL64" = x; then + OTOOL64=":" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + OTOOL64=$ac_ct_OTOOL64 + fi +else + OTOOL64="$ac_cv_prog_OTOOL64" +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -single_module linker flag" >&5 +$as_echo_n "checking for -single_module linker flag... " >&6; } +if ${lt_cv_apple_cc_single_mod+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_apple_cc_single_mod=no + if test -z "$LT_MULTI_MODULE"; then + # By default we will add the -single_module flag. You can override + # by either setting the environment variable LT_MULTI_MODULE + # non-empty at configure time, or by adding -multi_module to the + # link flags. + rm -rf libconftest.dylib* + echo "int foo(void){return 1;}" > conftest.c + echo "$LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ +-dynamiclib -Wl,-single_module conftest.c" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o libconftest.dylib \ + -dynamiclib -Wl,-single_module conftest.c 2>conftest.err + _lt_result=$? + # If there is a non-empty error log, and "single_module" + # appears in it, assume the flag caused a linker warning + if test -s conftest.err && $GREP single_module conftest.err; then + cat conftest.err >&5 + # Otherwise, if the output was created with a 0 exit code from + # the compiler, it worked. + elif test -f libconftest.dylib && test 0 = "$_lt_result"; then + lt_cv_apple_cc_single_mod=yes + else + cat conftest.err >&5 + fi + rm -rf libconftest.dylib* + rm -f conftest.* + fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_apple_cc_single_mod" >&5 +$as_echo "$lt_cv_apple_cc_single_mod" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -exported_symbols_list linker flag" >&5 +$as_echo_n "checking for -exported_symbols_list linker flag... " >&6; } +if ${lt_cv_ld_exported_symbols_list+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_exported_symbols_list=no + save_LDFLAGS=$LDFLAGS + echo "_main" > conftest.sym + LDFLAGS="$LDFLAGS -Wl,-exported_symbols_list,conftest.sym" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_ld_exported_symbols_list=yes +else + lt_cv_ld_exported_symbols_list=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_exported_symbols_list" >&5 +$as_echo "$lt_cv_ld_exported_symbols_list" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for -force_load linker flag" >&5 +$as_echo_n "checking for -force_load linker flag... " >&6; } +if ${lt_cv_ld_force_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_ld_force_load=no + cat > conftest.c << _LT_EOF +int forced_loaded() { return 2;} +_LT_EOF + echo "$LTCC $LTCFLAGS -c -o conftest.o conftest.c" >&5 + $LTCC $LTCFLAGS -c -o conftest.o conftest.c 2>&5 + echo "$AR cru libconftest.a conftest.o" >&5 + $AR cru libconftest.a conftest.o 2>&5 + echo "$RANLIB libconftest.a" >&5 + $RANLIB libconftest.a 2>&5 + cat > conftest.c << _LT_EOF +int main() { return 0;} +_LT_EOF + echo "$LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a" >&5 + $LTCC $LTCFLAGS $LDFLAGS -o conftest conftest.c -Wl,-force_load,./libconftest.a 2>conftest.err + _lt_result=$? + if test -s conftest.err && $GREP force_load conftest.err; then + cat conftest.err >&5 + elif test -f conftest && test 0 = "$_lt_result" && $GREP forced_load conftest >/dev/null 2>&1; then + lt_cv_ld_force_load=yes + else + cat conftest.err >&5 + fi + rm -f conftest.err libconftest.a conftest conftest.c + rm -rf conftest.dSYM + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_ld_force_load" >&5 +$as_echo "$lt_cv_ld_force_load" >&6; } + case $host_os in + rhapsody* | darwin1.[012]) + _lt_dar_allow_undefined='$wl-undefined ${wl}suppress' ;; + darwin1.*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + darwin*) # darwin 5.x on + # if running on 10.5 or later, the deployment target defaults + # to the OS version, if on x86, and 10.4, the deployment + # target defaults to 10.4. Don't you love it? + case ${MACOSX_DEPLOYMENT_TARGET-10.0},$host in + 10.0,*86*-darwin8*|10.0,*-darwin[91]*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + 10.[012][,.]*) + _lt_dar_allow_undefined='$wl-flat_namespace $wl-undefined ${wl}suppress' ;; + 10.*) + _lt_dar_allow_undefined='$wl-undefined ${wl}dynamic_lookup' ;; + esac + ;; + esac + if test yes = "$lt_cv_apple_cc_single_mod"; then + _lt_dar_single_mod='$single_module' + fi + if test yes = "$lt_cv_ld_exported_symbols_list"; then + _lt_dar_export_syms=' $wl-exported_symbols_list,$output_objdir/$libname-symbols.expsym' + else + _lt_dar_export_syms='~$NMEDIT -s $output_objdir/$libname-symbols.expsym $lib' + fi + if test : != "$DSYMUTIL" && test no = "$lt_cv_ld_force_load"; then + _lt_dsymutil='~$DSYMUTIL $lib || :' + else + _lt_dsymutil= + fi + ;; + esac + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CPP=$CPP + +fi + CPP=$ac_cv_prog_CPP +else + ac_cv_prog_CPP=$CPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CPP" >&5 +$as_echo "$CPP" >&6; } +ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C preprocessor \"$CPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for ANSI C header files" >&5 +$as_echo_n "checking for ANSI C header files... " >&6; } +if ${ac_cv_header_stdc+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#include +#include + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdc=yes +else + ac_cv_header_stdc=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "memchr" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include + +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + $EGREP "free" >/dev/null 2>&1; then : + +else + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. + if test "$cross_compiling" = yes; then : + : +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#include +#if ((' ' & 0x0FF) == 0x020) +# define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +# define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#else +# define ISLOWER(c) \ + (('a' <= (c) && (c) <= 'i') \ + || ('j' <= (c) && (c) <= 'r') \ + || ('s' <= (c) && (c) <= 'z')) +# define TOUPPER(c) (ISLOWER(c) ? ((c) | 0x40) : (c)) +#endif + +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int +main () +{ + int i; + for (i = 0; i < 256; i++) + if (XOR (islower (i), ISLOWER (i)) + || toupper (i) != TOUPPER (i)) + return 2; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + +else + ac_cv_header_stdc=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdc" >&5 +$as_echo "$ac_cv_header_stdc" >&6; } +if test $ac_cv_header_stdc = yes; then + +$as_echo "#define STDC_HEADERS 1" >>confdefs.h + +fi + +# On IRIX 5.3, sys/types and inttypes.h are conflicting. +for ac_header in sys/types.h sys/stat.h stdlib.h string.h memory.h strings.h \ + inttypes.h stdint.h unistd.h +do : + as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` +ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default +" +if eval test \"x\$"$as_ac_Header"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1 +_ACEOF + +fi + +done + + +for ac_header in dlfcn.h +do : + ac_fn_c_check_header_compile "$LINENO" "dlfcn.h" "ac_cv_header_dlfcn_h" "$ac_includes_default +" +if test "x$ac_cv_header_dlfcn_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_DLFCN_H 1 +_ACEOF + +fi + +done + + + +func_stripname_cnf () +{ + case $2 in + .*) func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%\\\\$2\$%%"`;; + *) func_stripname_result=`$ECHO "$3" | $SED "s%^$1%%; s%$2\$%%"`;; + esac +} # func_stripname_cnf + + + + + +# Set options +# Check whether --enable-static was given. +if test "${enable_static+set}" = set; then : + enableval=$enable_static; p=${PACKAGE-default} + case $enableval in + yes) enable_static=yes ;; + no) enable_static=no ;; + *) + enable_static=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_static=no +fi + + + + + + + + + + + enable_dlopen=no + + + enable_win32_dll=no + + + # Check whether --enable-shared was given. +if test "${enable_shared+set}" = set; then : + enableval=$enable_shared; p=${PACKAGE-default} + case $enableval in + yes) enable_shared=yes ;; + no) enable_shared=no ;; + *) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_shared=yes +fi + + + + + + + + + + + +# Check whether --with-pic was given. +if test "${with_pic+set}" = set; then : + withval=$with_pic; lt_p=${PACKAGE-default} + case $withval in + yes|no) pic_mode=$withval ;; + *) + pic_mode=default + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for lt_pkg in $withval; do + IFS=$lt_save_ifs + if test "X$lt_pkg" = "X$lt_p"; then + pic_mode=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + pic_mode=default +fi + + + + + + + + + # Check whether --enable-fast-install was given. +if test "${enable_fast_install+set}" = set; then : + enableval=$enable_fast_install; p=${PACKAGE-default} + case $enableval in + yes) enable_fast_install=yes ;; + no) enable_fast_install=no ;; + *) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + lt_save_ifs=$IFS; IFS=$IFS$PATH_SEPARATOR, + for pkg in $enableval; do + IFS=$lt_save_ifs + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS=$lt_save_ifs + ;; + esac +else + enable_fast_install=yes +fi + + + + + + + + + shared_archive_member_spec= +case $host,$enable_shared in +power*-*-aix[5-9]*,yes) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which variant of shared library versioning to provide" >&5 +$as_echo_n "checking which variant of shared library versioning to provide... " >&6; } + +# Check whether --with-aix-soname was given. +if test "${with_aix_soname+set}" = set; then : + withval=$with_aix_soname; case $withval in + aix|svr4|both) + ;; + *) + as_fn_error $? "Unknown argument to --with-aix-soname" "$LINENO" 5 + ;; + esac + lt_cv_with_aix_soname=$with_aix_soname +else + if ${lt_cv_with_aix_soname+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_with_aix_soname=aix +fi + + with_aix_soname=$lt_cv_with_aix_soname +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_aix_soname" >&5 +$as_echo "$with_aix_soname" >&6; } + if test aix != "$with_aix_soname"; then + # For the AIX way of multilib, we name the shared archive member + # based on the bitwidth used, traditionally 'shr.o' or 'shr_64.o', + # and 'shr.imp' or 'shr_64.imp', respectively, for the Import File. + # Even when GNU compilers ignore OBJECT_MODE but need '-maix64' flag, + # the AIX toolchain works better with OBJECT_MODE set (default 32). + if test 64 = "${OBJECT_MODE-32}"; then + shared_archive_member_spec=shr_64 + else + shared_archive_member_spec=shr + fi + fi + ;; +*) + with_aix_soname=aix + ;; +esac + + + + + + + + + + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS=$ltmain + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +test -z "$LN_S" && LN_S="ln -s" + + + + + + + + + + + + + + +if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for objdir" >&5 +$as_echo_n "checking for objdir... " >&6; } +if ${lt_cv_objdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + rm -f .libs 2>/dev/null +mkdir .libs 2>/dev/null +if test -d .libs; then + lt_cv_objdir=.libs +else + # MS-DOS does not allow filenames that begin with a dot. + lt_cv_objdir=_libs +fi +rmdir .libs 2>/dev/null +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_objdir" >&5 +$as_echo "$lt_cv_objdir" >&6; } +objdir=$lt_cv_objdir + + + + + +cat >>confdefs.h <<_ACEOF +#define LT_OBJDIR "$lt_cv_objdir/" +_ACEOF + + + + +case $host_os in +aix3*) + # AIX sometimes has problems with the GCC collect2 program. For some + # reason, if we set the COLLECT_NAMES environment variable, the problems + # vanish in a puff of smoke. + if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES + fi + ;; +esac + +# Global variables: +ofile=libtool +can_build_shared=yes + +# All known linkers require a '.a' archive for static linking (except MSVC, +# which needs '.lib'). +libext=a + +with_gnu_ld=$lt_cv_prog_gnu_ld + +old_CC=$CC +old_CFLAGS=$CFLAGS + +# Set sane defaults for various variables +test -z "$CC" && CC=cc +test -z "$LTCC" && LTCC=$CC +test -z "$LTCFLAGS" && LTCFLAGS=$CFLAGS +test -z "$LD" && LD=ld +test -z "$ac_objext" && ac_objext=o + +func_cc_basename $compiler +cc_basename=$func_cc_basename_result + + +# Only perform the check for file, if the check method requires it +test -z "$MAGIC_CMD" && MAGIC_CMD=file +case $deplibs_check_method in +file_magic*) + if test "$file_magic_cmd" = '$MAGIC_CMD'; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ${ac_tool_prefix}file" >&5 +$as_echo_n "checking for ${ac_tool_prefix}file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/${ac_tool_prefix}file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"${ac_tool_prefix}file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + + + +if test -z "$lt_cv_path_MAGIC_CMD"; then + if test -n "$ac_tool_prefix"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for file" >&5 +$as_echo_n "checking for file... " >&6; } +if ${lt_cv_path_MAGIC_CMD+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $MAGIC_CMD in +[\\/*] | ?:[\\/]*) + lt_cv_path_MAGIC_CMD=$MAGIC_CMD # Let the user override the test with a path. + ;; +*) + lt_save_MAGIC_CMD=$MAGIC_CMD + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + ac_dummy="/usr/bin$PATH_SEPARATOR$PATH" + for ac_dir in $ac_dummy; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/file"; then + lt_cv_path_MAGIC_CMD=$ac_dir/"file" + if test -n "$file_magic_test_file"; then + case $deplibs_check_method in + "file_magic "*) + file_magic_regex=`expr "$deplibs_check_method" : "file_magic \(.*\)"` + MAGIC_CMD=$lt_cv_path_MAGIC_CMD + if eval $file_magic_cmd \$file_magic_test_file 2> /dev/null | + $EGREP "$file_magic_regex" > /dev/null; then + : + else + cat <<_LT_EOF 1>&2 + +*** Warning: the command libtool uses to detect shared libraries, +*** $file_magic_cmd, produces output that libtool cannot recognize. +*** The result is that libtool may fail to recognize shared libraries +*** as such. This will affect the creation of libtool libraries that +*** depend on shared libraries, but programs linked with such libtool +*** libraries will work regardless of this problem. Nevertheless, you +*** may want to report the problem to your system manager and/or to +*** bug-libtool@gnu.org + +_LT_EOF + fi ;; + esac + fi + break + fi + done + IFS=$lt_save_ifs + MAGIC_CMD=$lt_save_MAGIC_CMD + ;; +esac +fi + +MAGIC_CMD=$lt_cv_path_MAGIC_CMD +if test -n "$MAGIC_CMD"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $MAGIC_CMD" >&5 +$as_echo "$MAGIC_CMD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + else + MAGIC_CMD=: + fi +fi + + fi + ;; +esac + +# Use C for the default configuration in the libtool script + +lt_save_CC=$CC +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + +# Source file extension for C test sources. +ac_ext=c + +# Object file extension for compiled C test sources. +objext=o +objext=$objext + +# Code to be used in simple compile tests +lt_simple_compile_test_code="int some_variable = 0;" + +# Code to be used in simple link tests +lt_simple_link_test_code='int main(){return(0);}' + + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + +# Save the default compiler, since it gets overwritten when the other +# tags are being tested, and _LT_TAGVAR(compiler, []) is a NOP. +compiler_DEFAULT=$CC + +# save warnings/boilerplate of simple test code +ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + +ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + +## CAVEAT EMPTOR: +## There is no encapsulation within the following macros, do not change +## the running order or otherwise move them around unless you know exactly +## what you are doing... +if test -n "$compiler"; then + +lt_prog_compiler_no_builtin_flag= + +if test yes = "$GCC"; then + case $cc_basename in + nvcc*) + lt_prog_compiler_no_builtin_flag=' -Xcompiler -fno-builtin' ;; + *) + lt_prog_compiler_no_builtin_flag=' -fno-builtin' ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -fno-rtti -fno-exceptions" >&5 +$as_echo_n "checking if $compiler supports -fno-rtti -fno-exceptions... " >&6; } +if ${lt_cv_prog_compiler_rtti_exceptions+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_rtti_exceptions=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="-fno-rtti -fno-exceptions" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_rtti_exceptions=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_rtti_exceptions" >&5 +$as_echo "$lt_cv_prog_compiler_rtti_exceptions" >&6; } + +if test yes = "$lt_cv_prog_compiler_rtti_exceptions"; then + lt_prog_compiler_no_builtin_flag="$lt_prog_compiler_no_builtin_flag -fno-rtti -fno-exceptions" +else + : +fi + +fi + + + + + + + lt_prog_compiler_wl= +lt_prog_compiler_pic= +lt_prog_compiler_static= + + + if test yes = "$GCC"; then + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_static='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + fi + lt_prog_compiler_pic='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + ;; + + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static= + ;; + + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + ;; + + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + + msdosdjgpp*) + # Just because we use GCC doesn't mean we suddenly get shared libraries + # on systems that don't support them. + lt_prog_compiler_can_build_shared=no + enable_shared=no + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic=-Kconform_pic + fi + ;; + + *) + lt_prog_compiler_pic='-fPIC' + ;; + esac + + case $cc_basename in + nvcc*) # Cuda Compiler Driver 2.2 + lt_prog_compiler_wl='-Xlinker ' + if test -n "$lt_prog_compiler_pic"; then + lt_prog_compiler_pic="-Xcompiler $lt_prog_compiler_pic" + fi + ;; + esac + else + # PORTME Check for flag to pass linker flags through the system compiler. + case $host_os in + aix*) + lt_prog_compiler_wl='-Wl,' + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static='-Bstatic' + else + lt_prog_compiler_static='-bnso -bI:/lib/syscalls.exp' + fi + ;; + + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic='-fno-common' + case $cc_basename in + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + + mingw* | cygwin* | pw32* | os2* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static='$wl-static' + ;; + esac + ;; + + hpux9* | hpux10* | hpux11*) + lt_prog_compiler_wl='-Wl,' + # PIC is the default for IA64 HP-UX and 64-bit HP-UX, but + # not for PA HP-UX. + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic='+Z' + ;; + esac + # Is there a better lt_prog_compiler_static that works with the bundled CC? + lt_prog_compiler_static='$wl-a ${wl}archive' + ;; + + irix5* | irix6* | nonstopux*) + lt_prog_compiler_wl='-Wl,' + # PIC (with -KPIC) is the default. + lt_prog_compiler_static='-non_shared' + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + # old Intel for x86_64, which still supported -KPIC. + ecc*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-static' + ;; + # icc used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + icc* | ifort*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + # Lahey Fortran 8.1. + lf95*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='--shared' + lt_prog_compiler_static='--static' + ;; + nagfor*) + # NAG Fortran compiler + lt_prog_compiler_wl='-Wl,-Wl,,' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + pgcc* | pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group compilers (*not* the Pentium gcc compiler, + # which looks to be a dead project) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + ccc*) + lt_prog_compiler_wl='-Wl,' + # All Alpha code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + xl* | bgxl* | bgf* | mpixl*) + # IBM XL C 8.0/Fortran 10.1, 11.1 on PPC and BlueGene + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-qpic' + lt_prog_compiler_static='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ Ceres\ Fortran* | *Sun*Fortran*\ [1-7].* | *Sun*Fortran*\ 8.[0-3]*) + # Sun Fortran 8.3 passes all unrecognized flags to the linker + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='' + ;; + *Sun\ F* | *Sun*Fortran*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Qoption ld ' + ;; + *Sun\ C*) + # Sun C 5.9 + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + lt_prog_compiler_wl='-Wl,' + ;; + *Intel*\ [CF]*Compiler*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fPIC' + lt_prog_compiler_static='-static' + ;; + *Portland\ Group*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-fpic' + lt_prog_compiler_static='-Bstatic' + ;; + esac + ;; + esac + ;; + + newsos6) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + *nto* | *qnx*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic='-fPIC -shared' + ;; + + osf3* | osf4* | osf5*) + lt_prog_compiler_wl='-Wl,' + # All OSF/1 code is PIC. + lt_prog_compiler_static='-non_shared' + ;; + + rdos*) + lt_prog_compiler_static='-non_shared' + ;; + + solaris*) + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + case $cc_basename in + f77* | f90* | f95* | sunf77* | sunf90* | sunf95*) + lt_prog_compiler_wl='-Qoption ld ';; + *) + lt_prog_compiler_wl='-Wl,';; + esac + ;; + + sunos4*) + lt_prog_compiler_wl='-Qoption ld ' + lt_prog_compiler_pic='-PIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4 | sysv4.2uw2* | sysv4.3*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic='-Kconform_pic' + lt_prog_compiler_static='-Bstatic' + fi + ;; + + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_pic='-KPIC' + lt_prog_compiler_static='-Bstatic' + ;; + + unicos*) + lt_prog_compiler_wl='-Wl,' + lt_prog_compiler_can_build_shared=no + ;; + + uts4*) + lt_prog_compiler_pic='-pic' + lt_prog_compiler_static='-Bstatic' + ;; + + *) + lt_prog_compiler_can_build_shared=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic= + ;; + *) + lt_prog_compiler_pic="$lt_prog_compiler_pic -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic=$lt_prog_compiler_pic +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic" >&5 +$as_echo "$lt_cv_prog_compiler_pic" >&6; } +lt_prog_compiler_pic=$lt_cv_prog_compiler_pic + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic works... " >&6; } +if ${lt_cv_prog_compiler_pic_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works"; then + case $lt_prog_compiler_pic in + "" | " "*) ;; + *) lt_prog_compiler_pic=" $lt_prog_compiler_pic" ;; + esac +else + lt_prog_compiler_pic= + lt_prog_compiler_can_build_shared=no +fi + +fi + + + + + + + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl eval lt_tmp_static_flag=\"$lt_prog_compiler_static\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works=yes + fi + else + lt_cv_prog_compiler_static_works=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works" >&5 +$as_echo "$lt_cv_prog_compiler_static_works" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works"; then + : +else + lt_prog_compiler_static= +fi + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o" >&5 +$as_echo "$lt_cv_prog_compiler_c_o" >&6; } + + + + +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + runpath_var= + allow_undefined_flag= + always_export_symbols=no + archive_cmds= + archive_expsym_cmds= + compiler_needs_object=no + enable_shared_with_static_runtimes=no + export_dynamic_flag_spec= + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + hardcode_automatic=no + hardcode_direct=no + hardcode_direct_absolute=no + hardcode_libdir_flag_spec= + hardcode_libdir_separator= + hardcode_minus_L=no + hardcode_shlibpath_var=unsupported + inherit_rpath=no + link_all_deplibs=unknown + module_cmds= + module_expsym_cmds= + old_archive_from_new_cmds= + old_archive_from_expsyms_cmds= + thread_safe_flag_spec= + whole_archive_flag_spec= + # include_expsyms should be a list of space-separated symbols to be *always* + # included in the symbol list + include_expsyms= + # exclude_expsyms can be an extended regexp of symbols to exclude + # it will be wrapped by ' (' and ')$', so one must not match beginning or + # end of line. Example: 'a|bc|.*d.*' will exclude the symbols 'a' and 'bc', + # as well as any symbol that contains 'd'. + exclude_expsyms='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + # Although _GLOBAL_OFFSET_TABLE_ is a valid symbol C name, most a.out + # platforms (ab)use it in PIC code, but their linkers get confused if + # the symbol is explicitly referenced. Since portable code cannot + # rely on this symbol name, it's probably fine to never include it in + # preloaded symbol tables. + # Exclude shared library initialization/finalization symbols. + extract_expsyms_cmds= + + case $host_os in + cygwin* | mingw* | pw32* | cegcc*) + # FIXME: the MSVC++ port hasn't been tested in a loooong time + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + if test yes != "$GCC"; then + with_gnu_ld=no + fi + ;; + interix*) + # we just hope/assume this is gcc and not c89 (= MSVC++) + with_gnu_ld=yes + ;; + openbsd* | bitrig*) + with_gnu_ld=no + ;; + esac + + ld_shlibs=yes + + # On some targets, GNU ld is compatible enough with the native linker + # that we're better off using the native interface for both. + lt_use_gnu_ld_interface=no + if test yes = "$with_gnu_ld"; then + case $host_os in + aix*) + # The AIX port of GNU ld has always aspired to compatibility + # with the native linker. However, as the warning in the GNU ld + # block says, versions before 2.19.5* couldn't really create working + # shared libraries, regardless of the interface used. + case `$LD -v 2>&1` in + *\ \(GNU\ Binutils\)\ 2.19.5*) ;; + *\ \(GNU\ Binutils\)\ 2.[2-9]*) ;; + *\ \(GNU\ Binutils\)\ [3-9]*) ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + ;; + *) + lt_use_gnu_ld_interface=yes + ;; + esac + fi + + if test yes = "$lt_use_gnu_ld_interface"; then + # If archive_cmds runs LD, not CC, wlarc should be empty + wlarc='$wl' + + # Set some defaults for GNU ld with shared library support. These + # are reset later if shared libraries are not supported. Putting them + # here allows them to be overridden if necessary. + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + export_dynamic_flag_spec='$wl--export-dynamic' + # ancient GNU ld didn't support --whole-archive et. al. + if $LD --help 2>&1 | $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + whole_archive_flag_spec= + fi + supports_anon_versioning=no + case `$LD -v | $SED -e 's/(^)\+)\s\+//' 2>&1` in + *GNU\ gold*) supports_anon_versioning=yes ;; + *\ [01].* | *\ 2.[0-9].* | *\ 2.10.*) ;; # catch versions < 2.11 + *\ 2.11.93.0.2\ *) supports_anon_versioning=yes ;; # RH7.3 ... + *\ 2.11.92.0.12\ *) supports_anon_versioning=yes ;; # Mandrake 8.2 ... + *\ 2.11.*) ;; # other 2.11 versions + *) supports_anon_versioning=yes ;; + esac + + # See if GNU ld supports shared libraries. + case $host_os in + aix[3-9]*) + # On AIX/PPC, the GNU linker is very broken + if test ia64 != "$host_cpu"; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: the GNU linker, at least up to release 2.19, is reported +*** to be unable to reliably create shared libraries on AIX. +*** Therefore, libtool is disabling shared libraries support. If you +*** really care for shared libraries, you may want to install binutils +*** 2.20 or above, or modify your PATH so that a non-GNU linker is found. +*** You will then need to restart the configuration process. + +_LT_EOF + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + ld_shlibs=no + fi + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # _LT_TAGVAR(hardcode_libdir_flag_spec, ) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec='-L$libdir' + export_dynamic_flag_spec='$wl--export-all-symbols' + allow_undefined_flag=unsupported + always_export_symbols=no + enable_shared_with_static_runtimes=yes + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared $output_objdir/$soname.def $libobjs $deplibs $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs=no + fi + ;; + + haiku*) + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + link_all_deplibs=yes + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + interix[3-9]*) + hardcode_direct=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + + gnu* | linux* | tpf* | k*bsd*-gnu | kopensolaris*-gnu) + tmp_diet=no + if test linux-dietlibc = "$host_os"; then + case $cc_basename in + diet\ *) tmp_diet=yes;; # linux-dietlibc with static linking (!diet-dyn) + esac + fi + if $LD --help 2>&1 | $EGREP ': supported targets:.* elf' > /dev/null \ + && test no = "$tmp_diet" + then + tmp_addflag=' $pic_flag' + tmp_sharedflag='-shared' + case $cc_basename,$host_cpu in + pgcc*) # Portland Group C compiler + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag' + ;; + pgf77* | pgf90* | pgf95* | pgfortran*) + # Portland Group f77 and f90 compilers + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + tmp_addflag=' $pic_flag -Mnomain' ;; + ecc*,ia64* | icc*,ia64*) # Intel C compiler on ia64 + tmp_addflag=' -i_dynamic' ;; + efc*,ia64* | ifort*,ia64*) # Intel Fortran compiler on ia64 + tmp_addflag=' -i_dynamic -nofor_main' ;; + ifc* | ifort*) # Intel Fortran compiler + tmp_addflag=' -nofor_main' ;; + lf95*) # Lahey Fortran 8.1 + whole_archive_flag_spec= + tmp_sharedflag='--shared' ;; + nagfor*) # NAGFOR 5.3 + tmp_sharedflag='-Wl,-shared' ;; + xl[cC]* | bgxl[cC]* | mpixl[cC]*) # IBM XL C 8.0 on PPC (deal with xlf below) + tmp_sharedflag='-qmkshrobj' + tmp_addflag= ;; + nvcc*) # Cuda Compiler Driver 2.2 + whole_archive_flag_spec='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + ;; + esac + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) # Sun C 5.9 + whole_archive_flag_spec='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object=yes + tmp_sharedflag='-G' ;; + *Sun\ F*) # Sun Fortran 8.3 + tmp_sharedflag='-G' ;; + esac + archive_cmds='$CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC '"$tmp_sharedflag""$tmp_addflag"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + + case $cc_basename in + tcc*) + export_dynamic_flag_spec='-rdynamic' + ;; + xlf* | bgf* | bgxlf* | mpixlf*) + # IBM XL Fortran 10.1 on PPC cannot create shared libs itself + whole_archive_flag_spec='--whole-archive$convenience --no-whole-archive' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$LD -shared $libobjs $deplibs $linker_flags -soname $soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $LD -shared $libobjs $deplibs $linker_flags -soname $soname -version-script $output_objdir/$libname.ver -o $lib' + fi + ;; + esac + else + ld_shlibs=no + fi + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable $libobjs $deplibs $linker_flags -o $lib' + wlarc= + else + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + fi + ;; + + solaris*) + if $LD -v 2>&1 | $GREP 'BFD 2\.8' > /dev/null; then + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: The releases 2.8.* of the GNU linker cannot reliably +*** create shared libraries on Solaris systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.9.1 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + elif $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + + sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX*) + case `$LD -v 2>&1` in + *\ [01].* | *\ 2.[0-9].* | *\ 2.1[0-5].*) + ld_shlibs=no + cat <<_LT_EOF 1>&2 + +*** Warning: Releases of the GNU linker prior to 2.16.91.0.3 cannot +*** reliably create shared libraries on SCO systems. Therefore, libtool +*** is disabling shared libraries support. We urge you to upgrade GNU +*** binutils to release 2.16.91.0.3 or newer. Another option is to modify +*** your PATH or compiler configuration so that the native linker is +*** used, and then restart. + +_LT_EOF + ;; + *) + # For security reasons, it is highly recommended that you always + # use absolute paths for naming shared libraries, and exclude the + # DT_RUNPATH tag from executables and libraries. But doing so + # requires that you compile everything twice, which is a pain. + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + ;; + + sunos4*) + archive_cmds='$LD -assert pure-text -Bshareable -o $lib $libobjs $deplibs $linker_flags' + wlarc= + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + *) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + else + ld_shlibs=no + fi + ;; + esac + + if test no = "$ld_shlibs"; then + runpath_var= + hardcode_libdir_flag_spec= + export_dynamic_flag_spec= + whole_archive_flag_spec= + fi + else + # PORTME fill in a description of your system's linker (not GNU ld) + case $host_os in + aix3*) + allow_undefined_flag=unsupported + always_export_symbols=yes + archive_expsym_cmds='$LD -o $output_objdir/$soname $libobjs $deplibs $linker_flags -bE:$export_symbols -T512 -H512 -bM:SRE~$AR $AR_FLAGS $lib $output_objdir/$soname' + # Note: this linker hardcodes the directories in LIBPATH if there + # are no directories specified by -L. + hardcode_minus_L=yes + if test yes = "$GCC" && test -z "$lt_prog_compiler_static"; then + # Neither direct hardcoding nor static linking is supported with a + # broken collect2. + hardcode_direct=unsupported + fi + ;; + + aix[4-9]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + if (test x-brtl = "x$ld_flag" || test x-Wl,-brtl = "x$ld_flag"); then + aix_use_runtimelinking=yes + break + fi + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds='' + hardcode_direct=yes + hardcode_direct_absolute=yes + hardcode_libdir_separator=':' + link_all_deplibs=yes + file_list_spec='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # traditional, no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct=no + hardcode_direct_absolute=no + ;; + esac + + if test yes = "$GCC"; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L=yes + hardcode_libdir_flag_spec='-L$libdir' + hardcode_libdir_separator= + fi + ;; + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag="$shared_flag "'$wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + export_dynamic_flag_spec='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to export. + always_export_symbols=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + allow_undefined_flag='-berok' + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + archive_expsym_cmds='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec='$wl-R $libdir:/usr/lib:/lib' + allow_undefined_flag="-z nodefs" + archive_expsym_cmds="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath_+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath_=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath_"; then + lt_cv_aix_libpath_=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath_ +fi + + hardcode_libdir_flag_spec='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag=' $wl-bernotok' + allow_undefined_flag=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec='$convenience' + fi + archive_cmds_need_lc=yes + archive_expsym_cmds='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared libraries. + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds="$archive_expsym_cmds"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds="$archive_expsym_cmds"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds="$archive_expsym_cmds"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds='' + ;; + m68k) + archive_cmds='$RM $output_objdir/a2ixlibrary.data~$ECHO "#define NAME $libname" > $output_objdir/a2ixlibrary.data~$ECHO "#define LIBRARY_ID 1" >> $output_objdir/a2ixlibrary.data~$ECHO "#define VERSION $major" >> $output_objdir/a2ixlibrary.data~$ECHO "#define REVISION $revision" >> $output_objdir/a2ixlibrary.data~$AR $AR_FLAGS $lib $libobjs~$RANLIB $lib~(cd $output_objdir && a2ixlibrary -32)' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + ;; + esac + ;; + + bsdi[45]*) + export_dynamic_flag_spec=-rdynamic + ;; + + cygwin* | mingw* | pw32* | cegcc*) + # When not using gcc, we currently assume that we are using + # Microsoft Visual C++. + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + case $cc_basename in + cl*) + # Native MSVC + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + always_export_symbols=yes + file_list_spec='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, )='true' + enable_shared_with_static_runtimes=yes + exclude_expsyms='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + export_symbols_cmds='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1,DATA/'\'' | $SED -e '\''/^[AITW][ ]/s/.*[ ]//'\'' | sort | uniq > $export_symbols' + # Don't use ranlib + old_postinstall_cmds='chmod 644 $oldlib' + postlink_cmds='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # Assume MSVC wrapper + hardcode_libdir_flag_spec=' ' + allow_undefined_flag=unsupported + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds='$CC -o $lib $libobjs $compiler_flags `func_echo_all "$deplibs" | $SED '\''s/ -lc$//'\''` -link -dll~linknames=' + # The linker will automatically build a .lib file if we build a DLL. + old_archive_from_new_cmds='true' + # FIXME: Should let the user specify the lib program. + old_archive_cmds='lib -OUT:$oldlib$oldobjs$old_deplibs' + enable_shared_with_static_runtimes=yes + ;; + esac + ;; + + darwin* | rhapsody*) + + + archive_cmds_need_lc=no + hardcode_direct=no + hardcode_automatic=yes + hardcode_shlibpath_var=unsupported + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec='' + fi + link_all_deplibs=yes + allow_undefined_flag=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + archive_cmds="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + + else + ld_shlibs=no + fi + + ;; + + dgux*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + # FreeBSD 2.2.[012] allows us to include c++rt0.o to get C++ constructor + # support. Future versions do this automatically, but an explicit c++rt0.o + # does not break anything, and helps significantly (at the cost of a little + # extra space). + freebsd2.2*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags /usr/lib/c++rt0.o' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + # Unfortunately, older versions of FreeBSD 2 do not have this feature. + freebsd2.*) + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + # FreeBSD 3 and greater uses gcc -shared to do shared libraries. + freebsd* | dragonfly*) + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + hpux9*) + if test yes = "$GCC"; then + archive_cmds='$RM $output_objdir/$soname~$CC -shared $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $libobjs $deplibs $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + archive_cmds='$RM $output_objdir/$soname~$LD -b +b $install_libdir -o $output_objdir/$soname $libobjs $deplibs $linker_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + fi + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + export_dynamic_flag_spec='$wl-E' + ;; + + hpux10*) + if test yes,no = "$GCC,$with_gnu_ld"; then + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + fi + ;; + + hpux11*) + if test yes,no = "$GCC,$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + archive_cmds='$CC -shared $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds='$CC -shared $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + else + case $host_cpu in + hppa*64*) + archive_cmds='$CC -b $wl+h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + ia64*) + archive_cmds='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + + # Older versions of the 11.00 compiler do not understand -b yet + # (HP92453-01 A.11.01.20 doesn't, HP92453-01 B.11.X.35175-35176.GP does) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $CC understands -b" >&5 +$as_echo_n "checking if $CC understands -b... " >&6; } +if ${lt_cv_prog_compiler__b+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler__b=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -b" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler__b=yes + fi + else + lt_cv_prog_compiler__b=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler__b" >&5 +$as_echo "$lt_cv_prog_compiler__b" >&6; } + +if test yes = "$lt_cv_prog_compiler__b"; then + archive_cmds='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $libobjs $deplibs $compiler_flags' +else + archive_cmds='$LD -b +h $soname +b $install_libdir -o $lib $libobjs $deplibs $linker_flags' +fi + + ;; + esac + fi + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec='$wl+b $wl$libdir' + hardcode_libdir_separator=: + + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct=no + hardcode_shlibpath_var=no + ;; + *) + hardcode_direct=yes + hardcode_direct_absolute=yes + export_dynamic_flag_spec='$wl-E' + + # hardcode_minus_L: Not really in the search PATH, + # but as the default location of the library. + hardcode_minus_L=yes + ;; + esac + fi + ;; + + irix5* | irix6* | nonstopux*) + if test yes = "$GCC"; then + archive_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + # Try to use the -exported_symbol ld option, if it does not + # work, assume that -exports_file does not work either and + # implicitly export all symbols. + # This should be the same for all languages, so no per-tag cache variable. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $host_os linker accepts -exported_symbol" >&5 +$as_echo_n "checking whether the $host_os linker accepts -exported_symbol... " >&6; } +if ${lt_cv_irix_exported_symbol+:} false; then : + $as_echo_n "(cached) " >&6 +else + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS -shared $wl-exported_symbol ${wl}foo $wl-update_registry $wl/dev/null" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +int foo (void) { return 0; } +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + lt_cv_irix_exported_symbol=yes +else + lt_cv_irix_exported_symbol=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_irix_exported_symbol" >&5 +$as_echo "$lt_cv_irix_exported_symbol" >&6; } + if test yes = "$lt_cv_irix_exported_symbol"; then + archive_expsym_cmds='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations $wl-exports_file $wl$export_symbols -o $lib' + fi + else + archive_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='$CC -shared $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -exports_file $export_symbols -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + inherit_rpath=yes + link_all_deplibs=yes + ;; + + linux*) + case $cc_basename in + tcc*) + # Fabrice Bellard et al's Tiny C Compiler + ld_shlibs=yes + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds='$LD -Bshareable -o $lib $libobjs $deplibs $linker_flags' # a.out + else + archive_cmds='$LD -shared -o $lib $libobjs $deplibs $linker_flags' # ELF + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_direct=yes + hardcode_shlibpath_var=no + ;; + + newsos6) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + hardcode_shlibpath_var=no + ;; + + *nto* | *qnx*) + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + hardcode_direct=yes + hardcode_shlibpath_var=no + hardcode_direct_absolute=yes + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags $wl-retain-symbols-file,$export_symbols' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + export_dynamic_flag_spec='$wl-E' + else + archive_cmds='$CC -shared $pic_flag -o $lib $libobjs $deplibs $compiler_flags' + hardcode_libdir_flag_spec='$wl-rpath,$libdir' + fi + else + ld_shlibs=no + fi + ;; + + os2*) + hardcode_libdir_flag_spec='-L$libdir' + hardcode_minus_L=yes + allow_undefined_flag=unsupported + shrext_cmds=.dll + archive_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes=yes + ;; + + osf3*) + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + fi + archive_cmds_need_lc='no' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + hardcode_libdir_separator=: + ;; + + osf4* | osf5*) # as osf3* with the addition of -msym flag + if test yes = "$GCC"; then + allow_undefined_flag=' $wl-expect_unresolved $wl\*' + archive_cmds='$CC -shared$allow_undefined_flag $pic_flag $libobjs $deplibs $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec='$wl-rpath $wl$libdir' + else + allow_undefined_flag=' -expect_unresolved \*' + archive_cmds='$CC -shared$allow_undefined_flag $libobjs $deplibs $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done; printf "%s\\n" "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $wl-input $wl$lib.exp $compiler_flags $libobjs $deplibs -soname $soname `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~$RM $lib.exp' + + # Both c and cxx compiler support -rpath directly + hardcode_libdir_flag_spec='-rpath $libdir' + fi + archive_cmds_need_lc='no' + hardcode_libdir_separator=: + ;; + + solaris*) + no_undefined_flag=' -z defs' + if test yes = "$GCC"; then + wlarc='$wl' + archive_cmds='$CC -shared $pic_flag $wl-z ${wl}text $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag $wl-z ${wl}text $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + else + case `$CC -V 2>&1` in + *"Compilers 5.0"*) + wlarc='' + archive_cmds='$LD -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $linker_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $LD -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $linker_flags~$RM $lib.exp' + ;; + *) + wlarc='$wl' + archive_cmds='$CC -G$allow_undefined_flag -h $soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag -M $lib.exp -h $soname -o $lib $libobjs $deplibs $compiler_flags~$RM $lib.exp' + ;; + esac + fi + hardcode_libdir_flag_spec='-R$libdir' + hardcode_shlibpath_var=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. GCC discards it without '$wl', + # but is careful enough not to reorder. + # Supported since Solaris 2.6 (maybe 2.5.1?) + if test yes = "$GCC"; then + whole_archive_flag_spec='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + else + whole_archive_flag_spec='-z allextract$convenience -z defaultextract' + fi + ;; + esac + link_all_deplibs=yes + ;; + + sunos4*) + if test sequent = "$host_vendor"; then + # Use $CC to link under sequent, because it throws in some extra .o + # files that make .init and .fini sections work. + archive_cmds='$CC -G $wl-h $soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$LD -assert pure-text -Bstatic -o $lib $libobjs $deplibs $linker_flags' + fi + hardcode_libdir_flag_spec='-L$libdir' + hardcode_direct=yes + hardcode_minus_L=yes + hardcode_shlibpath_var=no + ;; + + sysv4) + case $host_vendor in + sni) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=yes # is this really true??? + ;; + siemens) + ## LD is ld it makes a PLAMLIB + ## CC just makes a GrossModule. + archive_cmds='$LD -G -o $lib $libobjs $deplibs $linker_flags' + reload_cmds='$CC -r -o $output$reload_objs' + hardcode_direct=no + ;; + motorola) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_direct=no #Motorola manual says yes, but my tests say they lie + ;; + esac + runpath_var='LD_RUN_PATH' + hardcode_shlibpath_var=no + ;; + + sysv4.3*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + export_dynamic_flag_spec='-Bexport' + ;; + + sysv4*MP*) + if test -d /usr/nec; then + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_shlibpath_var=no + runpath_var=LD_RUN_PATH + hardcode_runpath_var=yes + ld_shlibs=yes + fi + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag='$wl-z,text' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag='$wl-z,text' + allow_undefined_flag='$wl-z,nodefs' + archive_cmds_need_lc=no + hardcode_shlibpath_var=no + hardcode_libdir_flag_spec='$wl-R,$libdir' + hardcode_libdir_separator=':' + link_all_deplibs=yes + export_dynamic_flag_spec='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + if test yes = "$GCC"; then + archive_cmds='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + else + archive_cmds='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + fi + ;; + + uts4*) + archive_cmds='$LD -G -h $soname -o $lib $libobjs $deplibs $linker_flags' + hardcode_libdir_flag_spec='-L$libdir' + hardcode_shlibpath_var=no + ;; + + *) + ld_shlibs=no + ;; + esac + + if test sni = "$host_vendor"; then + case $host in + sysv4 | sysv4.2uw2* | sysv4.3* | sysv5*) + export_dynamic_flag_spec='$wl-Blargedynsym' + ;; + esac + fi + fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs" >&5 +$as_echo "$ld_shlibs" >&6; } +test no = "$ld_shlibs" && can_build_shared=no + +with_gnu_ld=$with_gnu_ld + + + + + + + + + + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $archive_cmds in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl + pic_flag=$lt_prog_compiler_pic + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag + allow_undefined_flag= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc=no + else + lt_cv_archive_cmds_need_lc=yes + fi + allow_undefined_flag=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc" >&6; } + archive_cmds_need_lc=$lt_cv_archive_cmds_need_lc + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +if test yes = "$GCC"; then + case $host_os in + darwin*) lt_awk_arg='/^libraries:/,/LR/' ;; + *) lt_awk_arg='/^libraries:/' ;; + esac + case $host_os in + mingw* | cegcc*) lt_sed_strip_eq='s|=\([A-Za-z]:\)|\1|g' ;; + *) lt_sed_strip_eq='s|=/|/|g' ;; + esac + lt_search_path_spec=`$CC -print-search-dirs | awk $lt_awk_arg | $SED -e "s/^libraries://" -e $lt_sed_strip_eq` + case $lt_search_path_spec in + *\;*) + # if the path contains ";" then we assume it to be the separator + # otherwise default to the standard path separator (i.e. ":") - it is + # assumed that no part of a normal pathname contains ";" but that should + # okay in the real world where ";" in dirpaths is itself problematic. + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED 's/;/ /g'` + ;; + *) + lt_search_path_spec=`$ECHO "$lt_search_path_spec" | $SED "s/$PATH_SEPARATOR/ /g"` + ;; + esac + # Ok, now we have the path, separated by spaces, we can step through it + # and add multilib dir if necessary... + lt_tmp_lt_search_path_spec= + lt_multi_os_dir=/`$CC $CPPFLAGS $CFLAGS $LDFLAGS -print-multi-os-directory 2>/dev/null` + # ...but if some path component already ends with the multilib dir we assume + # that all is fine and trust -print-search-dirs as is (GCC 4.2? or newer). + case "$lt_multi_os_dir; $lt_search_path_spec " in + "/; "* | "/.; "* | "/./; "* | *"$lt_multi_os_dir "* | *"$lt_multi_os_dir/ "*) + lt_multi_os_dir= + ;; + esac + for lt_sys_path in $lt_search_path_spec; do + if test -d "$lt_sys_path$lt_multi_os_dir"; then + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path$lt_multi_os_dir" + elif test -n "$lt_multi_os_dir"; then + test -d "$lt_sys_path" && \ + lt_tmp_lt_search_path_spec="$lt_tmp_lt_search_path_spec $lt_sys_path" + fi + done + lt_search_path_spec=`$ECHO "$lt_tmp_lt_search_path_spec" | awk ' +BEGIN {RS = " "; FS = "/|\n";} { + lt_foo = ""; + lt_count = 0; + for (lt_i = NF; lt_i > 0; lt_i--) { + if ($lt_i != "" && $lt_i != ".") { + if ($lt_i == "..") { + lt_count++; + } else { + if (lt_count == 0) { + lt_foo = "/" $lt_i lt_foo; + } else { + lt_count--; + } + } + } + } + if (lt_foo != "") { lt_freq[lt_foo]++; } + if (lt_freq[lt_foo] == 1) { print lt_foo; } +}'` + # AWK program above erroneously prepends '/' to C:/dos/paths + # for these hosts. + case $host_os in + mingw* | cegcc*) lt_search_path_spec=`$ECHO "$lt_search_path_spec" |\ + $SED 's|/\([A-Za-z]:\)|\1|g'` ;; + esac + sys_lib_search_path_spec=`$ECHO "$lt_search_path_spec" | $lt_NL2SP` +else + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" +fi +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + + + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/lib/w32api" + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_search_path_spec="$sys_lib_search_path_spec /usr/local/lib" + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action= +if test -n "$hardcode_libdir_flag_spec" || + test -n "$runpath_var" || + test yes = "$hardcode_automatic"; then + + # We can hardcode non-existent directories. + if test no != "$hardcode_direct" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, )" && + test no != "$hardcode_minus_L"; then + # Linking always hardcodes the temporary library directory. + hardcode_action=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action" >&5 +$as_echo "$hardcode_action" >&6; } + +if test relink = "$hardcode_action" || + test yes = "$inherit_rpath"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + if test yes != "$enable_dlopen"; then + enable_dlopen=unknown + enable_dlopen_self=unknown + enable_dlopen_self_static=unknown +else + lt_cv_dlopen=no + lt_cv_dlopen_libs= + + case $host_os in + beos*) + lt_cv_dlopen=load_add_on + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + ;; + + mingw* | pw32* | cegcc*) + lt_cv_dlopen=LoadLibrary + lt_cv_dlopen_libs= + ;; + + cygwin*) + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + ;; + + darwin*) + # if libdl is installed we need to link against it + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + + lt_cv_dlopen=dyld + lt_cv_dlopen_libs= + lt_cv_dlopen_self=yes + +fi + + ;; + + tpf*) + # Don't try to run any link tests for TPF. We know it's impossible + # because TPF is a cross-compiler, and we know how we open DSOs. + lt_cv_dlopen=dlopen + lt_cv_dlopen_libs= + lt_cv_dlopen_self=no + ;; + + *) + ac_fn_c_check_func "$LINENO" "shl_load" "ac_cv_func_shl_load" +if test "x$ac_cv_func_shl_load" = xyes; then : + lt_cv_dlopen=shl_load +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for shl_load in -ldld" >&5 +$as_echo_n "checking for shl_load in -ldld... " >&6; } +if ${ac_cv_lib_dld_shl_load+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char shl_load (); +int +main () +{ +return shl_load (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_shl_load=yes +else + ac_cv_lib_dld_shl_load=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_shl_load" >&5 +$as_echo "$ac_cv_lib_dld_shl_load" >&6; } +if test "x$ac_cv_lib_dld_shl_load" = xyes; then : + lt_cv_dlopen=shl_load lt_cv_dlopen_libs=-ldld +else + ac_fn_c_check_func "$LINENO" "dlopen" "ac_cv_func_dlopen" +if test "x$ac_cv_func_dlopen" = xyes; then : + lt_cv_dlopen=dlopen +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -ldl" >&5 +$as_echo_n "checking for dlopen in -ldl... " >&6; } +if ${ac_cv_lib_dl_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldl $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dl_dlopen=yes +else + ac_cv_lib_dl_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dl_dlopen" >&5 +$as_echo "$ac_cv_lib_dl_dlopen" >&6; } +if test "x$ac_cv_lib_dl_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-ldl +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlopen in -lsvld" >&5 +$as_echo_n "checking for dlopen in -lsvld... " >&6; } +if ${ac_cv_lib_svld_dlopen+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lsvld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dlopen (); +int +main () +{ +return dlopen (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_svld_dlopen=yes +else + ac_cv_lib_svld_dlopen=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_svld_dlopen" >&5 +$as_echo "$ac_cv_lib_svld_dlopen" >&6; } +if test "x$ac_cv_lib_svld_dlopen" = xyes; then : + lt_cv_dlopen=dlopen lt_cv_dlopen_libs=-lsvld +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for dld_link in -ldld" >&5 +$as_echo_n "checking for dld_link in -ldld... " >&6; } +if ${ac_cv_lib_dld_dld_link+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-ldld $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char dld_link (); +int +main () +{ +return dld_link (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_dld_dld_link=yes +else + ac_cv_lib_dld_dld_link=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_dld_dld_link" >&5 +$as_echo "$ac_cv_lib_dld_dld_link" >&6; } +if test "x$ac_cv_lib_dld_dld_link" = xyes; then : + lt_cv_dlopen=dld_link lt_cv_dlopen_libs=-ldld +fi + + +fi + + +fi + + +fi + + +fi + + +fi + + ;; + esac + + if test no = "$lt_cv_dlopen"; then + enable_dlopen=no + else + enable_dlopen=yes + fi + + case $lt_cv_dlopen in + dlopen) + save_CPPFLAGS=$CPPFLAGS + test yes = "$ac_cv_header_dlfcn_h" && CPPFLAGS="$CPPFLAGS -DHAVE_DLFCN_H" + + save_LDFLAGS=$LDFLAGS + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $export_dynamic_flag_spec\" + + save_LIBS=$LIBS + LIBS="$lt_cv_dlopen_libs $LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a program can dlopen itself" >&5 +$as_echo_n "checking whether a program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self" >&5 +$as_echo "$lt_cv_dlopen_self" >&6; } + + if test yes = "$lt_cv_dlopen_self"; then + wl=$lt_prog_compiler_wl eval LDFLAGS=\"\$LDFLAGS $lt_prog_compiler_static\" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether a statically linked program can dlopen itself" >&5 +$as_echo_n "checking whether a statically linked program can dlopen itself... " >&6; } +if ${lt_cv_dlopen_self_static+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test yes = "$cross_compiling"; then : + lt_cv_dlopen_self_static=cross +else + lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 + lt_status=$lt_dlunknown + cat > conftest.$ac_ext <<_LT_EOF +#line $LINENO "configure" +#include "confdefs.h" + +#if HAVE_DLFCN_H +#include +#endif + +#include + +#ifdef RTLD_GLOBAL +# define LT_DLGLOBAL RTLD_GLOBAL +#else +# ifdef DL_GLOBAL +# define LT_DLGLOBAL DL_GLOBAL +# else +# define LT_DLGLOBAL 0 +# endif +#endif + +/* We may have to define LT_DLLAZY_OR_NOW in the command line if we + find out it does not work in some platform. */ +#ifndef LT_DLLAZY_OR_NOW +# ifdef RTLD_LAZY +# define LT_DLLAZY_OR_NOW RTLD_LAZY +# else +# ifdef DL_LAZY +# define LT_DLLAZY_OR_NOW DL_LAZY +# else +# ifdef RTLD_NOW +# define LT_DLLAZY_OR_NOW RTLD_NOW +# else +# ifdef DL_NOW +# define LT_DLLAZY_OR_NOW DL_NOW +# else +# define LT_DLLAZY_OR_NOW 0 +# endif +# endif +# endif +# endif +#endif + +/* When -fvisibility=hidden is used, assume the code has been annotated + correspondingly for the symbols needed. */ +#if defined __GNUC__ && (((__GNUC__ == 3) && (__GNUC_MINOR__ >= 3)) || (__GNUC__ > 3)) +int fnord () __attribute__((visibility("default"))); +#endif + +int fnord () { return 42; } +int main () +{ + void *self = dlopen (0, LT_DLGLOBAL|LT_DLLAZY_OR_NOW); + int status = $lt_dlunknown; + + if (self) + { + if (dlsym (self,"fnord")) status = $lt_dlno_uscore; + else + { + if (dlsym( self,"_fnord")) status = $lt_dlneed_uscore; + else puts (dlerror ()); + } + /* dlclose (self); */ + } + else + puts (dlerror ()); + + return status; +} +_LT_EOF + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_link\""; } >&5 + (eval $ac_link) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && test -s "conftest$ac_exeext" 2>/dev/null; then + (./conftest; exit; ) >&5 2>/dev/null + lt_status=$? + case x$lt_status in + x$lt_dlno_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlneed_uscore) lt_cv_dlopen_self_static=yes ;; + x$lt_dlunknown|x*) lt_cv_dlopen_self_static=no ;; + esac + else : + # compilation failed + lt_cv_dlopen_self_static=no + fi +fi +rm -fr conftest* + + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_dlopen_self_static" >&5 +$as_echo "$lt_cv_dlopen_self_static" >&6; } + fi + + CPPFLAGS=$save_CPPFLAGS + LDFLAGS=$save_LDFLAGS + LIBS=$save_LIBS + ;; + esac + + case $lt_cv_dlopen_self in + yes|no) enable_dlopen_self=$lt_cv_dlopen_self ;; + *) enable_dlopen_self=unknown ;; + esac + + case $lt_cv_dlopen_self_static in + yes|no) enable_dlopen_self_static=$lt_cv_dlopen_self_static ;; + *) enable_dlopen_self_static=unknown ;; + esac +fi + + + + + + + + + + + + + + + + + +striplib= +old_striplib= +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether stripping libraries is possible" >&5 +$as_echo_n "checking whether stripping libraries is possible... " >&6; } +if test -n "$STRIP" && $STRIP -V 2>&1 | $GREP "GNU strip" >/dev/null; then + test -z "$old_striplib" && old_striplib="$STRIP --strip-debug" + test -z "$striplib" && striplib="$STRIP --strip-unneeded" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else +# FIXME - insert some real tests, host_os isn't really good enough + case $host_os in + darwin*) + if test -n "$STRIP"; then + striplib="$STRIP -x" + old_striplib="$STRIP -S" + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + ;; + *) + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + ;; + esac +fi + + + + + + + + + + + + + # Report what library types will actually be built + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if libtool supports shared libraries" >&5 +$as_echo_n "checking if libtool supports shared libraries... " >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $can_build_shared" >&5 +$as_echo "$can_build_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build shared libraries" >&5 +$as_echo_n "checking whether to build shared libraries... " >&6; } + test no = "$can_build_shared" && enable_shared=no + + # On AIX, shared libraries and static libraries use the same namespace, and + # are all built from PIC. + case $host_os in + aix3*) + test yes = "$enable_shared" && enable_static=no + if test -n "$RANLIB"; then + archive_cmds="$archive_cmds~\$RANLIB \$lib" + postinstall_cmds='$RANLIB $lib' + fi + ;; + + aix[4-9]*) + if test ia64 != "$host_cpu"; then + case $enable_shared,$with_aix_soname,$aix_use_runtimelinking in + yes,aix,yes) ;; # shared object as lib.so file only + yes,svr4,*) ;; # shared object as lib.so archive member only + yes,*) enable_static=no ;; # shared object in lib.a archive as well + esac + fi + ;; + esac + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_shared" >&5 +$as_echo "$enable_shared" >&6; } + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to build static libraries" >&5 +$as_echo_n "checking whether to build static libraries... " >&6; } + # Make sure either enable_shared or enable_static is yes. + test yes = "$enable_shared" || enable_static=yes + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_static" >&5 +$as_echo "$enable_static" >&6; } + + + + +fi +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +CC=$lt_save_CC + + if test -n "$CXX" && ( test no != "$CXX" && + ( (test g++ = "$CXX" && `g++ -v >/dev/null 2>&1` ) || + (test g++ != "$CXX"))); then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C++ preprocessor" >&5 +$as_echo_n "checking how to run the C++ preprocessor... " >&6; } +if test -z "$CXXCPP"; then + if ${ac_cv_prog_CXXCPP+:} false; then : + $as_echo_n "(cached) " >&6 +else + # Double quotes because CXXCPP needs to be expanded + for CXXCPP in "$CXX -E" "/lib/cpp" + do + ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + break +fi + + done + ac_cv_prog_CXXCPP=$CXXCPP + +fi + CXXCPP=$ac_cv_prog_CXXCPP +else + ac_cv_prog_CXXCPP=$CXXCPP +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $CXXCPP" >&5 +$as_echo "$CXXCPP" >&6; } +ac_preproc_ok=false +for ac_cxx_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext + + # OK, works on sane cases. Now check whether nonexistent headers + # can be detected and how. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +_ACEOF +if ac_fn_cxx_try_cpp "$LINENO"; then : + # Broken: success on invalid input. +continue +else + # Passes both tests. +ac_preproc_ok=: +break +fi +rm -f conftest.err conftest.i conftest.$ac_ext + +done +# Because of `break', _AC_PREPROC_IFELSE's cleaning code was skipped. +rm -f conftest.i conftest.err conftest.$ac_ext +if $ac_preproc_ok; then : + +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "C++ preprocessor \"$CXXCPP\" fails sanity check +See \`config.log' for more details" "$LINENO" 5; } +fi + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +else + _lt_caught_CXX_error=yes +fi + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +archive_cmds_need_lc_CXX=no +allow_undefined_flag_CXX= +always_export_symbols_CXX=no +archive_expsym_cmds_CXX= +compiler_needs_object_CXX=no +export_dynamic_flag_spec_CXX= +hardcode_direct_CXX=no +hardcode_direct_absolute_CXX=no +hardcode_libdir_flag_spec_CXX= +hardcode_libdir_separator_CXX= +hardcode_minus_L_CXX=no +hardcode_shlibpath_var_CXX=unsupported +hardcode_automatic_CXX=no +inherit_rpath_CXX=no +module_cmds_CXX= +module_expsym_cmds_CXX= +link_all_deplibs_CXX=unknown +old_archive_cmds_CXX=$old_archive_cmds +reload_flag_CXX=$reload_flag +reload_cmds_CXX=$reload_cmds +no_undefined_flag_CXX= +whole_archive_flag_spec_CXX= +enable_shared_with_static_runtimes_CXX=no + +# Source file extension for C++ test sources. +ac_ext=cpp + +# Object file extension for compiled C++ test sources. +objext=o +objext_CXX=$objext + +# No sense in running all these tests if we already determined that +# the CXX compiler isn't working. Some variables (like enable_shared) +# are currently assumed to apply to all compilers on this platform, +# and will be corrupted by setting them based on a non-working compiler. +if test yes != "$_lt_caught_CXX_error"; then + # Code to be used in simple compile tests + lt_simple_compile_test_code="int some_variable = 0;" + + # Code to be used in simple link tests + lt_simple_link_test_code='int main(int, char *[]) { return(0); }' + + # ltmain only uses $CC for tagged configurations so make sure $CC is set. + + + + + + +# If no C compiler was specified, use CC. +LTCC=${LTCC-"$CC"} + +# If no C compiler flags were specified, use CFLAGS. +LTCFLAGS=${LTCFLAGS-"$CFLAGS"} + +# Allow CC to be a program name with arguments. +compiler=$CC + + + # save warnings/boilerplate of simple test code + ac_outfile=conftest.$ac_objext +echo "$lt_simple_compile_test_code" >conftest.$ac_ext +eval "$ac_compile" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_compiler_boilerplate=`cat conftest.err` +$RM conftest* + + ac_outfile=conftest.$ac_objext +echo "$lt_simple_link_test_code" >conftest.$ac_ext +eval "$ac_link" 2>&1 >/dev/null | $SED '/^$/d; /^ *+/d' >conftest.err +_lt_linker_boilerplate=`cat conftest.err` +$RM -r conftest* + + + # Allow CC to be a program name with arguments. + lt_save_CC=$CC + lt_save_CFLAGS=$CFLAGS + lt_save_LD=$LD + lt_save_GCC=$GCC + GCC=$GXX + lt_save_with_gnu_ld=$with_gnu_ld + lt_save_path_LD=$lt_cv_path_LD + if test -n "${lt_cv_prog_gnu_ldcxx+set}"; then + lt_cv_prog_gnu_ld=$lt_cv_prog_gnu_ldcxx + else + $as_unset lt_cv_prog_gnu_ld + fi + if test -n "${lt_cv_path_LDCXX+set}"; then + lt_cv_path_LD=$lt_cv_path_LDCXX + else + $as_unset lt_cv_path_LD + fi + test -z "${LDCXX+set}" || LD=$LDCXX + CC=${CXX-"c++"} + CFLAGS=$CXXFLAGS + compiler=$CC + compiler_CXX=$CC + func_cc_basename $compiler +cc_basename=$func_cc_basename_result + + + if test -n "$compiler"; then + # We don't want -fno-exception when compiling C++ code, so set the + # no_builtin_flag separately + if test yes = "$GXX"; then + lt_prog_compiler_no_builtin_flag_CXX=' -fno-builtin' + else + lt_prog_compiler_no_builtin_flag_CXX= + fi + + if test yes = "$GXX"; then + # Set up default GNU C++ configuration + + + +# Check whether --with-gnu-ld was given. +if test "${with_gnu_ld+set}" = set; then : + withval=$with_gnu_ld; test no = "$withval" || with_gnu_ld=yes +else + with_gnu_ld=no +fi + +ac_prog=ld +if test yes = "$GCC"; then + # Check if gcc -print-prog-name=ld gives a path. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for ld used by $CC" >&5 +$as_echo_n "checking for ld used by $CC... " >&6; } + case $host in + *-*-mingw*) + # gcc leaves a trailing carriage return, which upsets mingw + ac_prog=`($CC -print-prog-name=ld) 2>&5 | tr -d '\015'` ;; + *) + ac_prog=`($CC -print-prog-name=ld) 2>&5` ;; + esac + case $ac_prog in + # Accept absolute paths. + [\\/]* | ?:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' + # Canonicalize the pathname of ld + ac_prog=`$ECHO "$ac_prog"| $SED 's%\\\\%/%g'` + while $ECHO "$ac_prog" | $GREP "$re_direlt" > /dev/null 2>&1; do + ac_prog=`$ECHO $ac_prog| $SED "s%$re_direlt%/%"` + done + test -z "$LD" && LD=$ac_prog + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test yes = "$with_gnu_ld"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNU ld" >&5 +$as_echo_n "checking for GNU ld... " >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for non-GNU ld" >&5 +$as_echo_n "checking for non-GNU ld... " >&6; } +fi +if ${lt_cv_path_LD+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$LD"; then + lt_save_ifs=$IFS; IFS=$PATH_SEPARATOR + for ac_dir in $PATH; do + IFS=$lt_save_ifs + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + lt_cv_path_LD=$ac_dir/$ac_prog + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some variants of GNU ld only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + case `"$lt_cv_path_LD" -v 2>&1 &5 +$as_echo "$LD" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi +test -z "$LD" && as_fn_error $? "no acceptable ld found in \$PATH" "$LINENO" 5 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if the linker ($LD) is GNU ld" >&5 +$as_echo_n "checking if the linker ($LD) is GNU ld... " >&6; } +if ${lt_cv_prog_gnu_ld+:} false; then : + $as_echo_n "(cached) " >&6 +else + # I'd rather use --version here, but apparently some GNU lds only accept -v. +case `$LD -v 2>&1 &5 +$as_echo "$lt_cv_prog_gnu_ld" >&6; } +with_gnu_ld=$lt_cv_prog_gnu_ld + + + + + + + + # Check if GNU C++ uses GNU ld as the underlying linker, since the + # archiving commands below assume that GNU ld is being used. + if test yes = "$with_gnu_ld"; then + archive_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC $pic_flag -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + + # If archive_cmds runs LD, not CC, wlarc should be empty + # XXX I think wlarc can be eliminated in ltcf-cxx, but I need to + # investigate it a little bit more. (MM) + wlarc='$wl' + + # ancient GNU ld didn't support --whole-archive et. al. + if eval "`$CC -print-prog-name=ld` --help 2>&1" | + $GREP 'no-whole-archive' > /dev/null; then + whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + else + whole_archive_flag_spec_CXX= + fi + else + with_gnu_ld=no + wlarc= + + # A generic and very simple default shared library creation + # command for GNU C++ for the case where it uses the native + # linker, instead of GNU ld. If possible, this setting should + # overridden to take advantage of the native linker features on + # the platform it is being used on. + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + fi + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + GXX=no + with_gnu_ld=no + wlarc= + fi + + # PORTME: fill in a description of your system's C++ link characteristics + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + ld_shlibs_CXX=yes + case $host_os in + aix3*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aix[4-9]*) + if test ia64 = "$host_cpu"; then + # On IA64, the linker does run time linking by default, so we don't + # have to do anything special. + aix_use_runtimelinking=no + exp_sym_flag='-Bexport' + no_entry_flag= + else + aix_use_runtimelinking=no + + # Test if we are trying to use run time linking or normal + # AIX style linking. If -brtl is somewhere in LDFLAGS, we + # have runtime linking enabled, and use it for executables. + # For shared libraries, we enable/disable runtime linking + # depending on the kind of the shared library created - + # when "with_aix_soname,aix_use_runtimelinking" is: + # "aix,no" lib.a(lib.so.V) shared, rtl:no, for executables + # "aix,yes" lib.so shared, rtl:yes, for executables + # lib.a static archive + # "both,no" lib.so.V(shr.o) shared, rtl:yes + # lib.a(lib.so.V) shared, rtl:no, for executables + # "both,yes" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a(lib.so.V) shared, rtl:no + # "svr4,*" lib.so.V(shr.o) shared, rtl:yes, for executables + # lib.a static archive + case $host_os in aix4.[23]|aix4.[23].*|aix[5-9]*) + for ld_flag in $LDFLAGS; do + case $ld_flag in + *-brtl*) + aix_use_runtimelinking=yes + break + ;; + esac + done + if test svr4,no = "$with_aix_soname,$aix_use_runtimelinking"; then + # With aix-soname=svr4, we create the lib.so.V shared archives only, + # so we don't have lib.a shared libs to link our executables. + # We have to force runtime linking in this case. + aix_use_runtimelinking=yes + LDFLAGS="$LDFLAGS -Wl,-brtl" + fi + ;; + esac + + exp_sym_flag='-bexport' + no_entry_flag='-bnoentry' + fi + + # When large executables or shared objects are built, AIX ld can + # have problems creating the table of contents. If linking a library + # or program results in "error TOC overflow" add -mminimal-toc to + # CXXFLAGS/CFLAGS for g++/gcc. In the cases where that is not + # enough to fix the problem, add -Wl,-bbigtoc to LDFLAGS. + + archive_cmds_CXX='' + hardcode_direct_CXX=yes + hardcode_direct_absolute_CXX=yes + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + file_list_spec_CXX='$wl-f,' + case $with_aix_soname,$aix_use_runtimelinking in + aix,*) ;; # no import file + svr4,* | *,yes) # use import file + # The Import File defines what to hardcode. + hardcode_direct_CXX=no + hardcode_direct_absolute_CXX=no + ;; + esac + + if test yes = "$GXX"; then + case $host_os in aix4.[012]|aix4.[012].*) + # We only want to do this on AIX 4.2 and lower, the check + # below for broken collect2 doesn't work under 4.3+ + collect2name=`$CC -print-prog-name=collect2` + if test -f "$collect2name" && + strings "$collect2name" | $GREP resolve_lib_name >/dev/null + then + # We have reworked collect2 + : + else + # We have old collect2 + hardcode_direct_CXX=unsupported + # It fails to find uninstalled libraries when the uninstalled + # path is not listed in the libpath. Setting hardcode_minus_L + # to unsupported forces relinking + hardcode_minus_L_CXX=yes + hardcode_libdir_flag_spec_CXX='-L$libdir' + hardcode_libdir_separator_CXX= + fi + esac + shared_flag='-shared' + if test yes = "$aix_use_runtimelinking"; then + shared_flag=$shared_flag' $wl-G' + fi + # Need to ensure runtime linking is disabled for the traditional + # shared library, or the linker may eventually find shared libraries + # /with/ Import File - we do not want to mix them. + shared_flag_aix='-shared' + shared_flag_svr4='-shared $wl-G' + else + # not using gcc + if test ia64 = "$host_cpu"; then + # VisualAge C++, Version 5.5 for AIX 5L for IA-64, Beta 3 Release + # chokes on -Wl,-G. The following line is correct: + shared_flag='-G' + else + if test yes = "$aix_use_runtimelinking"; then + shared_flag='$wl-G' + else + shared_flag='$wl-bM:SRE' + fi + shared_flag_aix='$wl-bM:SRE' + shared_flag_svr4='$wl-G' + fi + fi + + export_dynamic_flag_spec_CXX='$wl-bexpall' + # It seems that -bexpall does not export symbols beginning with + # underscore (_), so it is better to generate a list of symbols to + # export. + always_export_symbols_CXX=yes + if test aix,yes = "$with_aix_soname,$aix_use_runtimelinking"; then + # Warning - without using the other runtime loading flags (-brtl), + # -berok will link without error, but may produce a broken library. + # The "-G" linker flag allows undefined symbols. + no_undefined_flag_CXX='-bernotok' + # Determine the default libpath from the value encoded in an empty + # executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath__CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath__CXX +fi + + hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath" + + archive_expsym_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $deplibs $wl'$no_entry_flag' $compiler_flags `if test -n "$allow_undefined_flag"; then func_echo_all "$wl$allow_undefined_flag"; else :; fi` $wl'$exp_sym_flag:\$export_symbols' '$shared_flag + else + if test ia64 = "$host_cpu"; then + hardcode_libdir_flag_spec_CXX='$wl-R $libdir:/usr/lib:/lib' + allow_undefined_flag_CXX="-z nodefs" + archive_expsym_cmds_CXX="\$CC $shared_flag"' -o $output_objdir/$soname $libobjs $deplibs '"\$wl$no_entry_flag"' $compiler_flags $wl$allow_undefined_flag '"\$wl$exp_sym_flag:\$export_symbols" + else + # Determine the default libpath from the value encoded in an + # empty executable. + if test set = "${lt_cv_aix_libpath+set}"; then + aix_libpath=$lt_cv_aix_libpath +else + if ${lt_cv_aix_libpath__CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + lt_aix_libpath_sed=' + /Import File Strings/,/^$/ { + /^0/ { + s/^0 *\([^ ]*\) *$/\1/ + p + } + }' + lt_cv_aix_libpath__CXX=`dump -H conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + # Check for a 64-bit object if we didn't find anything. + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=`dump -HX64 conftest$ac_exeext 2>/dev/null | $SED -n -e "$lt_aix_libpath_sed"` + fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + if test -z "$lt_cv_aix_libpath__CXX"; then + lt_cv_aix_libpath__CXX=/usr/lib:/lib + fi + +fi + + aix_libpath=$lt_cv_aix_libpath__CXX +fi + + hardcode_libdir_flag_spec_CXX='$wl-blibpath:$libdir:'"$aix_libpath" + # Warning - without using the other run time loading flags, + # -berok will link without error, but may produce a broken library. + no_undefined_flag_CXX=' $wl-bernotok' + allow_undefined_flag_CXX=' $wl-berok' + if test yes = "$with_gnu_ld"; then + # We only use this code for GNU lds that support --whole-archive. + whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive' + else + # Exported symbols can be pulled into shared objects from archives + whole_archive_flag_spec_CXX='$convenience' + fi + archive_cmds_need_lc_CXX=yes + archive_expsym_cmds_CXX='$RM -r $output_objdir/$realname.d~$MKDIR $output_objdir/$realname.d' + # -brtl affects multiple linker settings, -berok does not and is overridden later + compiler_flags_filtered='`func_echo_all "$compiler_flags " | $SED -e "s%-brtl\\([, ]\\)%-berok\\1%g"`' + if test svr4 != "$with_aix_soname"; then + # This is similar to how AIX traditionally builds its shared + # libraries. Need -bnortl late, we may have -brtl in LDFLAGS. + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_aix' -o $output_objdir/$realname.d/$soname $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$AR $AR_FLAGS $output_objdir/$libname$release.a $output_objdir/$realname.d/$soname' + fi + if test aix != "$with_aix_soname"; then + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$CC '$shared_flag_svr4' -o $output_objdir/$realname.d/$shared_archive_member_spec.o $libobjs $deplibs $wl-bnoentry '$compiler_flags_filtered'$wl-bE:$export_symbols$allow_undefined_flag~$STRIP -e $output_objdir/$realname.d/$shared_archive_member_spec.o~( func_echo_all "#! $soname($shared_archive_member_spec.o)"; if test shr_64 = "$shared_archive_member_spec"; then func_echo_all "# 64"; else func_echo_all "# 32"; fi; cat $export_symbols ) > $output_objdir/$realname.d/$shared_archive_member_spec.imp~$AR $AR_FLAGS $output_objdir/$soname $output_objdir/$realname.d/$shared_archive_member_spec.o $output_objdir/$realname.d/$shared_archive_member_spec.imp' + else + # used by -dlpreopen to get the symbols + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$MV $output_objdir/$realname.d/$soname $output_objdir' + fi + archive_expsym_cmds_CXX="$archive_expsym_cmds_CXX"'~$RM -r $output_objdir/$realname.d' + fi + fi + ;; + + beos*) + if $LD --help 2>&1 | $GREP ': supported targets:.* elf' > /dev/null; then + allow_undefined_flag_CXX=unsupported + # Joseph Beckenbach says some releases of gcc + # support --undefined. This deserves some investigation. FIXME + archive_cmds_CXX='$CC -nostart $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + else + ld_shlibs_CXX=no + fi + ;; + + chorus*) + case $cc_basename in + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + cygwin* | mingw* | pw32* | cegcc*) + case $GXX,$cc_basename in + ,cl* | no,cl*) + # Native MSVC + # hardcode_libdir_flag_spec is actually meaningless, as there is + # no search path for DLLs. + hardcode_libdir_flag_spec_CXX=' ' + allow_undefined_flag_CXX=unsupported + always_export_symbols_CXX=yes + file_list_spec_CXX='@' + # Tell ltmain to make .lib files, not .a files. + libext=lib + # Tell ltmain to make .dll files, not .so files. + shrext_cmds=.dll + # FIXME: Setting linknames here is a bad hack. + archive_cmds_CXX='$CC -o $output_objdir/$soname $libobjs $compiler_flags $deplibs -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~linknames=' + archive_expsym_cmds_CXX='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp "$export_symbols" "$output_objdir/$soname.def"; + echo "$tool_output_objdir$soname.def" > "$output_objdir/$soname.exp"; + else + $SED -e '\''s/^/-link -EXPORT:/'\'' < $export_symbols > $output_objdir/$soname.exp; + fi~ + $CC -o $tool_output_objdir$soname $libobjs $compiler_flags $deplibs "@$tool_output_objdir$soname.exp" -Wl,-DLL,-IMPLIB:"$tool_output_objdir$libname.dll.lib"~ + linknames=' + # The linker will not automatically build a static lib if we build a DLL. + # _LT_TAGVAR(old_archive_from_new_cmds, CXX)='true' + enable_shared_with_static_runtimes_CXX=yes + # Don't use ranlib + old_postinstall_cmds_CXX='chmod 644 $oldlib' + postlink_cmds_CXX='lt_outputfile="@OUTPUT@"~ + lt_tool_outputfile="@TOOL_OUTPUT@"~ + case $lt_outputfile in + *.exe|*.EXE) ;; + *) + lt_outputfile=$lt_outputfile.exe + lt_tool_outputfile=$lt_tool_outputfile.exe + ;; + esac~ + func_to_tool_file "$lt_outputfile"~ + if test : != "$MANIFEST_TOOL" && test -f "$lt_outputfile.manifest"; then + $MANIFEST_TOOL -manifest "$lt_tool_outputfile.manifest" -outputresource:"$lt_tool_outputfile" || exit 1; + $RM "$lt_outputfile.manifest"; + fi' + ;; + *) + # g++ + # _LT_TAGVAR(hardcode_libdir_flag_spec, CXX) is actually meaningless, + # as there is no search path for DLLs. + hardcode_libdir_flag_spec_CXX='-L$libdir' + export_dynamic_flag_spec_CXX='$wl--export-all-symbols' + allow_undefined_flag_CXX=unsupported + always_export_symbols_CXX=no + enable_shared_with_static_runtimes_CXX=yes + + if $LD --help 2>&1 | $GREP 'auto-import' > /dev/null; then + archive_cmds_CXX='$CC -shared -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + # If the export-symbols file already is a .def file, use it as + # is; otherwise, prepend EXPORTS... + archive_expsym_cmds_CXX='if test DEF = "`$SED -n -e '\''s/^[ ]*//'\'' -e '\''/^\(;.*\)*$/d'\'' -e '\''s/^\(EXPORTS\|LIBRARY\)\([ ].*\)*$/DEF/p'\'' -e q $export_symbols`" ; then + cp $export_symbols $output_objdir/$soname.def; + else + echo EXPORTS > $output_objdir/$soname.def; + cat $export_symbols >> $output_objdir/$soname.def; + fi~ + $CC -shared -nostdlib $output_objdir/$soname.def $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $output_objdir/$soname $wl--enable-auto-image-base -Xlinker --out-implib -Xlinker $lib' + else + ld_shlibs_CXX=no + fi + ;; + esac + ;; + darwin* | rhapsody*) + + + archive_cmds_need_lc_CXX=no + hardcode_direct_CXX=no + hardcode_automatic_CXX=yes + hardcode_shlibpath_var_CXX=unsupported + if test yes = "$lt_cv_ld_force_load"; then + whole_archive_flag_spec_CXX='`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience $wl-force_load,$conv\"; done; func_echo_all \"$new_convenience\"`' + + else + whole_archive_flag_spec_CXX='' + fi + link_all_deplibs_CXX=yes + allow_undefined_flag_CXX=$_lt_dar_allow_undefined + case $cc_basename in + ifort*|nagfor*) _lt_dar_can_shared=yes ;; + *) _lt_dar_can_shared=$GCC ;; + esac + if test yes = "$_lt_dar_can_shared"; then + output_verbose_link_cmd=func_echo_all + archive_cmds_CXX="\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dsymutil" + module_cmds_CXX="\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dsymutil" + archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$libobjs \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring $_lt_dar_single_mod$_lt_dar_export_syms$_lt_dsymutil" + module_expsym_cmds_CXX="sed -e 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC \$allow_undefined_flag -o \$lib -bundle \$libobjs \$deplibs \$compiler_flags$_lt_dar_export_syms$_lt_dsymutil" + if test yes != "$lt_cv_apple_cc_single_mod"; then + archive_cmds_CXX="\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dsymutil" + archive_expsym_cmds_CXX="sed 's|^|_|' < \$export_symbols > \$output_objdir/\$libname-symbols.expsym~\$CC -r -keep_private_externs -nostdlib -o \$lib-master.o \$libobjs~\$CC -dynamiclib \$allow_undefined_flag -o \$lib \$lib-master.o \$deplibs \$compiler_flags -install_name \$rpath/\$soname \$verstring$_lt_dar_export_syms$_lt_dsymutil" + fi + + else + ld_shlibs_CXX=no + fi + + ;; + + os2*) + hardcode_libdir_flag_spec_CXX='-L$libdir' + hardcode_minus_L_CXX=yes + allow_undefined_flag_CXX=unsupported + shrext_cmds=.dll + archive_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + emxexp $libobjs | $SED /"_DLL_InitTerm"/d >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + archive_expsym_cmds_CXX='$ECHO "LIBRARY ${soname%$shared_ext} INITINSTANCE TERMINSTANCE" > $output_objdir/$libname.def~ + $ECHO "DESCRIPTION \"$libname\"" >> $output_objdir/$libname.def~ + $ECHO "DATA MULTIPLE NONSHARED" >> $output_objdir/$libname.def~ + $ECHO EXPORTS >> $output_objdir/$libname.def~ + prefix_cmds="$SED"~ + if test EXPORTS = "`$SED 1q $export_symbols`"; then + prefix_cmds="$prefix_cmds -e 1d"; + fi~ + prefix_cmds="$prefix_cmds -e \"s/^\(.*\)$/_\1/g\""~ + cat $export_symbols | $prefix_cmds >> $output_objdir/$libname.def~ + $CC -Zdll -Zcrtdll -o $output_objdir/$soname $libobjs $deplibs $compiler_flags $output_objdir/$libname.def~ + emximp -o $lib $output_objdir/$libname.def' + old_archive_From_new_cmds_CXX='emximp -o $output_objdir/${libname}_dll.a $output_objdir/$libname.def' + enable_shared_with_static_runtimes_CXX=yes + ;; + + dgux*) + case $cc_basename in + ec++*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + ghcx*) + # Green Hills C++ Compiler + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + freebsd2.*) + # C++ shared libraries reported to be fairly broken before + # switch to ELF + ld_shlibs_CXX=no + ;; + + freebsd-elf*) + archive_cmds_need_lc_CXX=no + ;; + + freebsd* | dragonfly*) + # FreeBSD 3 and later use GNU C++ and GNU ld with standard ELF + # conventions + ld_shlibs_CXX=yes + ;; + + haiku*) + archive_cmds_CXX='$CC -shared $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + link_all_deplibs_CXX=yes + ;; + + hpux9*) + hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir' + hardcode_libdir_separator_CXX=: + export_dynamic_flag_spec_CXX='$wl-E' + hardcode_direct_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + archive_cmds_CXX='$RM $output_objdir/$soname~$CC -b $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $EGREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + archive_cmds_CXX='$RM $output_objdir/$soname~$CC -shared -nostdlib $pic_flag $wl+b $wl$install_libdir -o $output_objdir/$soname $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~test "x$output_objdir/$soname" = "x$lib" || mv $output_objdir/$soname $lib' + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + hpux10*|hpux11*) + if test no = "$with_gnu_ld"; then + hardcode_libdir_flag_spec_CXX='$wl+b $wl$libdir' + hardcode_libdir_separator_CXX=: + + case $host_cpu in + hppa*64*|ia64*) + ;; + *) + export_dynamic_flag_spec_CXX='$wl-E' + ;; + esac + fi + case $host_cpu in + hppa*64*|ia64*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + ;; + *) + hardcode_direct_CXX=yes + hardcode_direct_absolute_CXX=yes + hardcode_minus_L_CXX=yes # Not in the search PATH, + # but as the default + # location of the library. + ;; + esac + + case $cc_basename in + CC*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + aCC*) + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -b $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -b $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`($CC -b $CFLAGS -v conftest.$objext 2>&1) | $GREP "\-L"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + case $host_cpu in + hppa*64*) + archive_cmds_CXX='$CC -shared -nostdlib -fPIC $wl+h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + ia64*) + archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+nodefaultrpath -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared -nostdlib $pic_flag $wl+h $wl$soname $wl+b $wl$install_libdir -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + ;; + esac + fi + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + interix[3-9]*) + hardcode_direct_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl-E' + # Hack: On Interix 3.x, we cannot compile PIC because of a broken gcc. + # Instead, shared libraries are loaded at an image base (0x10000000 by + # default) and relocated if they conflict, which is a slow very memory + # consuming and fragmenting process. To avoid this, we pick a random, + # 256 KiB-aligned image base between 0x50000000 and 0x6FFC0000 at link + # time. Moving up from 0x10000000 also allows more sbrk(2) space. + archive_cmds_CXX='$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + archive_expsym_cmds_CXX='sed "s|^|_|" $export_symbols >$output_objdir/$soname.expsym~$CC -shared $pic_flag $libobjs $deplibs $compiler_flags $wl-h,$soname $wl--retain-symbols-file,$output_objdir/$soname.expsym $wl--image-base,`expr ${RANDOM-$$} % 4096 / 2 \* 262144 + 1342177280` -o $lib' + ;; + irix5* | irix6*) + case $cc_basename in + CC*) + # SGI C++ + archive_cmds_CXX='$CC -shared -all -multigot $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + + # Archives containing C++ object files must be created using + # "CC -ar", where "CC" is the IRIX C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -ar -WR,-u -o $oldlib $oldobjs' + ;; + *) + if test yes = "$GXX"; then + if test no = "$with_gnu_ld"; then + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + else + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` -o $lib' + fi + fi + link_all_deplibs_CXX=yes + ;; + esac + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + hardcode_libdir_separator_CXX=: + inherit_rpath_CXX=yes + ;; + + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + archive_expsym_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo $lib | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib $wl-retain-symbols-file,$export_symbols; mv \$templib $lib' + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 | $GREP "ld"`; rm -f libconftest$shared_ext; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + + # Archives containing C++ object files must be created using + # "CC -Bstatic", where "CC" is the KAI C++ compiler. + old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' + ;; + icpc* | ecpc* ) + # Intel C++ + with_gnu_ld=yes + # version 8.0 and above of icpc choke on multiply defined symbols + # if we add $predep_objects and $postdep_objects, however 7.1 and + # earlier do not add the objects themselves. + case `$CC -V 2>&1` in + *"Version 7."*) + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 8.0 or newer + tmp_idyn= + case $host_cpu in + ia64*) tmp_idyn=' -i_dynamic';; + esac + archive_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared'"$tmp_idyn"' $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + archive_cmds_need_lc_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + whole_archive_flag_spec_CXX='$wl--whole-archive$convenience $wl--no-whole-archive' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + case `$CC -V` in + *pgCC\ [1-5].* | *pgcpp\ [1-5].*) + prelink_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $objs $libobjs $compile_deplibs~ + compile_command="$compile_command `find $tpldir -name \*.o | sort | $NL2SP`"' + old_archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $oldobjs$old_deplibs~ + $AR $AR_FLAGS $oldlib$oldobjs$old_deplibs `find $tpldir -name \*.o | sort | $NL2SP`~ + $RANLIB $oldlib' + archive_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='tpldir=Template.dir~ + rm -rf $tpldir~ + $CC --prelink_objects --instantiation_dir $tpldir $predep_objects $libobjs $deplibs $convenience $postdep_objects~ + $CC -shared $pic_flag $predep_objects $libobjs $deplibs `find $tpldir -name \*.o | sort | $NL2SP` $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + *) # Version 6 and above use weak symbols + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname $wl-retain-symbols-file $wl$export_symbols -o $lib' + ;; + esac + + hardcode_libdir_flag_spec_CXX='$wl--rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + whole_archive_flag_spec_CXX='$wl--whole-archive`for conv in $convenience\"\"; do test -n \"$conv\" && new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + ;; + cxx*) + # Compaq C++ + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib' + archive_expsym_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname -o $lib $wl-retain-symbols-file $wl$export_symbols' + + runpath_var=LD_RUN_PATH + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld .*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "X$list" | $Xsed' + ;; + xl* | mpixl* | bgxl*) + # IBM XL 8.0 on PPC, with GNU ld + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + export_dynamic_flag_spec_CXX='$wl--export-dynamic' + archive_cmds_CXX='$CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname -o $lib' + if test yes = "$supports_anon_versioning"; then + archive_expsym_cmds_CXX='echo "{ global:" > $output_objdir/$libname.ver~ + cat $export_symbols | sed -e "s/\(.*\)/\1;/" >> $output_objdir/$libname.ver~ + echo "local: *; };" >> $output_objdir/$libname.ver~ + $CC -qmkshrobj $libobjs $deplibs $compiler_flags $wl-soname $wl$soname $wl-version-script $wl$output_objdir/$libname.ver -o $lib' + fi + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + no_undefined_flag_CXX=' -zdefs' + archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + archive_expsym_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file $wl$export_symbols' + hardcode_libdir_flag_spec_CXX='-R$libdir' + whole_archive_flag_spec_CXX='$wl--whole-archive`new_convenience=; for conv in $convenience\"\"; do test -z \"$conv\" || new_convenience=\"$new_convenience,$conv\"; done; func_echo_all \"$new_convenience\"` $wl--no-whole-archive' + compiler_needs_object_CXX=yes + + # Not sure whether something based on + # $CC $CFLAGS -v conftest.$objext -o libconftest$shared_ext 2>&1 + # would be better. + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' + ;; + esac + ;; + esac + ;; + + lynxos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + m88k*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + mvs*) + case $cc_basename in + cxx*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + netbsd*) + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + archive_cmds_CXX='$LD -Bshareable -o $lib $predep_objects $libobjs $deplibs $postdep_objects $linker_flags' + wlarc= + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + fi + # Workaround some broken pre-1.5 toolchains + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP conftest.$objext | $SED -e "s:-lgcc -lc -lgcc::"' + ;; + + *nto* | *qnx*) + ld_shlibs_CXX=yes + ;; + + openbsd* | bitrig*) + if test -f /usr/libexec/ld.so; then + hardcode_direct_CXX=yes + hardcode_shlibpath_var_CXX=no + hardcode_direct_absolute_CXX=yes + archive_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -o $lib' + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + if test -z "`echo __ELF__ | $CC -E - | grep __ELF__`"; then + archive_expsym_cmds_CXX='$CC -shared $pic_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-retain-symbols-file,$export_symbols -o $lib' + export_dynamic_flag_spec_CXX='$wl-E' + whole_archive_flag_spec_CXX=$wlarc'--whole-archive$convenience '$wlarc'--no-whole-archive' + fi + output_verbose_link_cmd=func_echo_all + else + ld_shlibs_CXX=no + fi + ;; + + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + # Kuck and Associates, Inc. (KAI) C++ Compiler + + # KCC will only create a shared library if the output file + # ends with ".so" (or ".sl" for HP-UX), so rename the library + # to its proper name (with version) after linking. + archive_cmds_CXX='tempext=`echo $shared_ext | $SED -e '\''s/\([^()0-9A-Za-z{}]\)/\\\\\1/g'\''`; templib=`echo "$lib" | $SED -e "s/\$tempext\..*/.so/"`; $CC $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags --soname $soname -o \$templib; mv \$templib $lib' + + hardcode_libdir_flag_spec_CXX='$wl-rpath,$libdir' + hardcode_libdir_separator_CXX=: + + # Archives containing C++ object files must be created using + # the KAI C++ compiler. + case $host in + osf3*) old_archive_cmds_CXX='$CC -Bstatic -o $oldlib $oldobjs' ;; + *) old_archive_cmds_CXX='$CC -o $oldlib $oldobjs' ;; + esac + ;; + RCC*) + # Rational C++ 2.4.1 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + cxx*) + case $host in + osf3*) + allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*' + archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $soname `test -n "$verstring" && func_echo_all "$wl-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + ;; + *) + allow_undefined_flag_CXX=' -expect_unresolved \*' + archive_cmds_CXX='$CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname `test -n "$verstring" && func_echo_all "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib' + archive_expsym_cmds_CXX='for i in `cat $export_symbols`; do printf "%s %s\\n" -exported_symbol "\$i" >> $lib.exp; done~ + echo "-hidden">> $lib.exp~ + $CC -shared$allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags -msym -soname $soname $wl-input $wl$lib.exp `test -n "$verstring" && $ECHO "-set_version $verstring"` -update_registry $output_objdir/so_locations -o $lib~ + $RM $lib.exp' + hardcode_libdir_flag_spec_CXX='-rpath $libdir' + ;; + esac + + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + # + # There doesn't appear to be a way to prevent this compiler from + # explicitly linking system object files so we need to strip them + # from the output so that they don't get included in the library + # dependencies. + output_verbose_link_cmd='templist=`$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP "ld" | $GREP -v "ld:"`; templist=`func_echo_all "$templist" | $SED "s/\(^.*ld.*\)\( .*ld.*$\)/\1/"`; list= ; for z in $templist; do case $z in conftest.$objext) list="$list $z";; *.$objext);; *) list="$list $z";;esac; done; func_echo_all "$list"' + ;; + *) + if test yes,no = "$GXX,$with_gnu_ld"; then + allow_undefined_flag_CXX=' $wl-expect_unresolved $wl\*' + case $host in + osf3*) + archive_cmds_CXX='$CC -shared -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + *) + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $allow_undefined_flag $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-msym $wl-soname $wl$soname `test -n "$verstring" && func_echo_all "$wl-set_version $wl$verstring"` $wl-update_registry $wl$output_objdir/so_locations -o $lib' + ;; + esac + + hardcode_libdir_flag_spec_CXX='$wl-rpath $wl$libdir' + hardcode_libdir_separator_CXX=: + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + + else + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + fi + ;; + esac + ;; + + psos*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + lcc*) + # Lucid + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + archive_cmds_need_lc_CXX=yes + no_undefined_flag_CXX=' -zdefs' + archive_cmds_CXX='$CC -G$allow_undefined_flag -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G$allow_undefined_flag $wl-M $wl$lib.exp -h$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + hardcode_libdir_flag_spec_CXX='-R$libdir' + hardcode_shlibpath_var_CXX=no + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + # The compiler driver will combine and reorder linker options, + # but understands '-z linker_flag'. + # Supported since Solaris 2.6 (maybe 2.5.1?) + whole_archive_flag_spec_CXX='-z allextract$convenience -z defaultextract' + ;; + esac + link_all_deplibs_CXX=yes + + output_verbose_link_cmd='func_echo_all' + + # Archives containing C++ object files must be created using + # "CC -xar", where "CC" is the Sun C++ compiler. This is + # necessary to make sure instantiated templates are included + # in the archive. + old_archive_cmds_CXX='$CC -xar -o $oldlib $oldobjs' + ;; + gcx*) + # Green Hills C++ Compiler + archive_cmds_CXX='$CC -shared $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + + # The C++ compiler must be used to create the archive. + old_archive_cmds_CXX='$CC $LDFLAGS -archive -o $oldlib $oldobjs' + ;; + *) + # GNU C++ compiler with Solaris linker + if test yes,no = "$GXX,$with_gnu_ld"; then + no_undefined_flag_CXX=' $wl-z ${wl}defs' + if $CC --version | $GREP -v '^2\.7' > /dev/null; then + archive_cmds_CXX='$CC -shared $pic_flag -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -shared $pic_flag -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -shared $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + else + # g++ 2.7 appears to require '-G' NOT '-shared' on this + # platform. + archive_cmds_CXX='$CC -G -nostdlib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags $wl-h $wl$soname -o $lib' + archive_expsym_cmds_CXX='echo "{ global:" > $lib.exp~cat $export_symbols | $SED -e "s/\(.*\)/\1;/" >> $lib.exp~echo "local: *; };" >> $lib.exp~ + $CC -G -nostdlib $wl-M $wl$lib.exp $wl-h $wl$soname -o $lib $predep_objects $libobjs $deplibs $postdep_objects $compiler_flags~$RM $lib.exp' + + # Commands to make compiler produce verbose output that lists + # what "hidden" libraries, object files and flags are used when + # linking a shared library. + output_verbose_link_cmd='$CC -G $CFLAGS -v conftest.$objext 2>&1 | $GREP -v "^Configured with:" | $GREP "\-L"' + fi + + hardcode_libdir_flag_spec_CXX='$wl-R $wl$libdir' + case $host_os in + solaris2.[0-5] | solaris2.[0-5].*) ;; + *) + whole_archive_flag_spec_CXX='$wl-z ${wl}allextract$convenience $wl-z ${wl}defaultextract' + ;; + esac + fi + ;; + esac + ;; + + sysv4*uw2* | sysv5OpenUNIX* | sysv5UnixWare7.[01].[10]* | unixware7* | sco3.2v5.0.[024]*) + no_undefined_flag_CXX='$wl-z,text' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + *) + archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + sysv5* | sco3.2v5* | sco5v6*) + # Note: We CANNOT use -z defs as we might desire, because we do not + # link with -lc, and that would cause any symbols used from libc to + # always be unresolved, which means just about no library would + # ever link correctly. If we're not using GNU ld we use -z text + # though, which does catch some bad symbols but isn't as heavy-handed + # as -z defs. + no_undefined_flag_CXX='$wl-z,text' + allow_undefined_flag_CXX='$wl-z,nodefs' + archive_cmds_need_lc_CXX=no + hardcode_shlibpath_var_CXX=no + hardcode_libdir_flag_spec_CXX='$wl-R,$libdir' + hardcode_libdir_separator_CXX=':' + link_all_deplibs_CXX=yes + export_dynamic_flag_spec_CXX='$wl-Bexport' + runpath_var='LD_RUN_PATH' + + case $cc_basename in + CC*) + archive_cmds_CXX='$CC -G $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -G $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + old_archive_cmds_CXX='$CC -Tprelink_objects $oldobjs~ + '"$old_archive_cmds_CXX" + reload_cmds_CXX='$CC -Tprelink_objects $reload_objs~ + '"$reload_cmds_CXX" + ;; + *) + archive_cmds_CXX='$CC -shared $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + archive_expsym_cmds_CXX='$CC -shared $wl-Bexport:$export_symbols $wl-h,$soname -o $lib $libobjs $deplibs $compiler_flags' + ;; + esac + ;; + + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + ;; + + vxworks*) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + + *) + # FIXME: insert proper C++ library support + ld_shlibs_CXX=no + ;; + esac + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5 +$as_echo "$ld_shlibs_CXX" >&6; } + test no = "$ld_shlibs_CXX" && can_build_shared=no + + GCC_CXX=$GXX + LD_CXX=$LD + + ## CAVEAT EMPTOR: + ## There is no encapsulation within the following macros, do not change + ## the running order or otherwise move them around unless you know exactly + ## what you are doing... + # Dependencies to place before and after the object being linked: +predep_objects_CXX= +postdep_objects_CXX= +predeps_CXX= +postdeps_CXX= +compiler_lib_search_path_CXX= + +cat > conftest.$ac_ext <<_LT_EOF +class Foo +{ +public: + Foo (void) { a = 0; } +private: + int a; +}; +_LT_EOF + + +_lt_libdeps_save_CFLAGS=$CFLAGS +case "$CC $CFLAGS " in #( +*\ -flto*\ *) CFLAGS="$CFLAGS -fno-lto" ;; +*\ -fwhopr*\ *) CFLAGS="$CFLAGS -fno-whopr" ;; +*\ -fuse-linker-plugin*\ *) CFLAGS="$CFLAGS -fno-use-linker-plugin" ;; +esac + +if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + # Parse the compiler output and extract the necessary + # objects, libraries and library flags. + + # Sentinel used to keep track of whether or not we are before + # the conftest object file. + pre_test_object_deps_done=no + + for p in `eval "$output_verbose_link_cmd"`; do + case $prev$p in + + -L* | -R* | -l*) + # Some compilers place space between "-{L,R}" and the path. + # Remove the space. + if test x-L = "$p" || + test x-R = "$p"; then + prev=$p + continue + fi + + # Expand the sysroot to ease extracting the directories later. + if test -z "$prev"; then + case $p in + -L*) func_stripname_cnf '-L' '' "$p"; prev=-L; p=$func_stripname_result ;; + -R*) func_stripname_cnf '-R' '' "$p"; prev=-R; p=$func_stripname_result ;; + -l*) func_stripname_cnf '-l' '' "$p"; prev=-l; p=$func_stripname_result ;; + esac + fi + case $p in + =*) func_stripname_cnf '=' '' "$p"; p=$lt_sysroot$func_stripname_result ;; + esac + if test no = "$pre_test_object_deps_done"; then + case $prev in + -L | -R) + # Internal compiler library paths should come after those + # provided the user. The postdeps already come after the + # user supplied libs so there is no need to process them. + if test -z "$compiler_lib_search_path_CXX"; then + compiler_lib_search_path_CXX=$prev$p + else + compiler_lib_search_path_CXX="${compiler_lib_search_path_CXX} $prev$p" + fi + ;; + # The "-l" case would never come before the object being + # linked, so don't bother handling this case. + esac + else + if test -z "$postdeps_CXX"; then + postdeps_CXX=$prev$p + else + postdeps_CXX="${postdeps_CXX} $prev$p" + fi + fi + prev= + ;; + + *.lto.$objext) ;; # Ignore GCC LTO objects + *.$objext) + # This assumes that the test object file only shows up + # once in the compiler output. + if test "$p" = "conftest.$objext"; then + pre_test_object_deps_done=yes + continue + fi + + if test no = "$pre_test_object_deps_done"; then + if test -z "$predep_objects_CXX"; then + predep_objects_CXX=$p + else + predep_objects_CXX="$predep_objects_CXX $p" + fi + else + if test -z "$postdep_objects_CXX"; then + postdep_objects_CXX=$p + else + postdep_objects_CXX="$postdep_objects_CXX $p" + fi + fi + ;; + + *) ;; # Ignore the rest. + + esac + done + + # Clean up. + rm -f a.out a.exe +else + echo "libtool.m4: error: problem compiling CXX test program" +fi + +$RM -f confest.$objext +CFLAGS=$_lt_libdeps_save_CFLAGS + +# PORTME: override above test on systems where it is broken +case $host_os in +interix[3-9]*) + # Interix 3.5 installs completely hosed .la files for C++, so rather than + # hack all around it, let's just trust "g++" to DTRT. + predep_objects_CXX= + postdep_objects_CXX= + postdeps_CXX= + ;; +esac + + +case " $postdeps_CXX " in +*" -lc "*) archive_cmds_need_lc_CXX=no ;; +esac + compiler_lib_search_dirs_CXX= +if test -n "${compiler_lib_search_path_CXX}"; then + compiler_lib_search_dirs_CXX=`echo " ${compiler_lib_search_path_CXX}" | $SED -e 's! -L! !g' -e 's!^ !!'` +fi + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + lt_prog_compiler_wl_CXX= +lt_prog_compiler_pic_CXX= +lt_prog_compiler_static_CXX= + + + # C++ specific cases for pic, static, wl, etc. + if test yes = "$GXX"; then + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-static' + + case $host_os in + aix*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + fi + lt_prog_compiler_pic_CXX='-fPIC' + ;; + + amigaos*) + case $host_cpu in + powerpc) + # see comment about AmigaOS4 .so support + lt_prog_compiler_pic_CXX='-fPIC' + ;; + m68k) + # FIXME: we need at least 68020 code to build shared libraries, but + # adding the '-m68020' flag to GCC prevents building anything better, + # like '-m68040'. + lt_prog_compiler_pic_CXX='-m68020 -resident32 -malways-restore-a4' + ;; + esac + ;; + + beos* | irix5* | irix6* | nonstopux* | osf3* | osf4* | osf5*) + # PIC is the default for these OSes. + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + # Although the cygwin gcc ignores -fPIC, still need this for old-style + # (--disable-auto-import) libraries + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + case $host_os in + os2*) + lt_prog_compiler_static_CXX='$wl-static' + ;; + esac + ;; + darwin* | rhapsody*) + # PIC is the default on this platform + # Common symbols not allowed in MH_DYLIB files + lt_prog_compiler_pic_CXX='-fno-common' + ;; + *djgpp*) + # DJGPP does not support shared libraries at all + lt_prog_compiler_pic_CXX= + ;; + haiku*) + # PIC is the default for Haiku. + # The "-static" flag exists, but is broken. + lt_prog_compiler_static_CXX= + ;; + interix[3-9]*) + # Interix 3.x gcc -fpic/-fPIC options generate broken code. + # Instead, we relocate shared libraries at runtime. + ;; + sysv4*MP*) + if test -d /usr/nec; then + lt_prog_compiler_pic_CXX=-Kconform_pic + fi + ;; + hpux*) + # PIC is the default for 64-bit PA HP-UX, but not for 32-bit + # PA HP-UX. On IA64 HP-UX, PIC is the default but the pic flag + # sets the default TLS model and affects inlining. + case $host_cpu in + hppa*64*) + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic_CXX='-fPIC -shared' + ;; + *) + lt_prog_compiler_pic_CXX='-fPIC' + ;; + esac + else + case $host_os in + aix[4-9]*) + # All AIX code is PIC. + if test ia64 = "$host_cpu"; then + # AIX 5 now supports IA64 processor + lt_prog_compiler_static_CXX='-Bstatic' + else + lt_prog_compiler_static_CXX='-bnso -bI:/lib/syscalls.exp' + fi + ;; + chorus*) + case $cc_basename in + cxch68*) + # Green Hills C++ Compiler + # _LT_TAGVAR(lt_prog_compiler_static, CXX)="--no_auto_instantiation -u __main -u __premain -u _abort -r $COOL_DIR/lib/libOrb.a $MVME_DIR/lib/CC/libC.a $MVME_DIR/lib/classix/libcx.s.a" + ;; + esac + ;; + mingw* | cygwin* | os2* | pw32* | cegcc*) + # This hack is so that the source file can tell whether it is being + # built for inclusion in a dll (and should export symbols for example). + lt_prog_compiler_pic_CXX='-DDLL_EXPORT' + ;; + dgux*) + case $cc_basename in + ec++*) + lt_prog_compiler_pic_CXX='-KPIC' + ;; + ghcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + freebsd* | dragonfly*) + # FreeBSD uses GNU C++ + ;; + hpux9* | hpux10* | hpux11*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='$wl-a ${wl}archive' + if test ia64 != "$host_cpu"; then + lt_prog_compiler_pic_CXX='+Z' + fi + ;; + aCC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='$wl-a ${wl}archive' + case $host_cpu in + hppa*64*|ia64*) + # +Z the default + ;; + *) + lt_prog_compiler_pic_CXX='+Z' + ;; + esac + ;; + *) + ;; + esac + ;; + interix*) + # This is c89, which is MS Visual C++ (no shared libs) + # Anyone wants to do a port? + ;; + irix5* | irix6* | nonstopux*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_static_CXX='-non_shared' + # CC pic flag -KPIC is the default. + ;; + *) + ;; + esac + ;; + linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + case $cc_basename in + KCC*) + # KAI C++ Compiler + lt_prog_compiler_wl_CXX='--backend -Wl,' + lt_prog_compiler_pic_CXX='-fPIC' + ;; + ecpc* ) + # old Intel C++ for x86_64, which still supported -KPIC. + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-static' + ;; + icpc* ) + # Intel C++, used to be incompatible with GCC. + # ICC 10 doesn't accept -KPIC any more. + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-fPIC' + lt_prog_compiler_static_CXX='-static' + ;; + pgCC* | pgcpp*) + # Portland Group C++ compiler + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-fpic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + cxx*) + # Compaq C++ + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + xlc* | xlC* | bgxl[cC]* | mpixl[cC]*) + # IBM XL 8.0, 9.0 on PPC and BlueGene + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-qpic' + lt_prog_compiler_static_CXX='-qstaticlink' + ;; + *) + case `$CC -V 2>&1 | sed 5q` in + *Sun\ C*) + # Sun C++ 5.9 + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + lt_prog_compiler_wl_CXX='-Qoption ld ' + ;; + esac + ;; + esac + ;; + lynxos*) + ;; + m88k*) + ;; + mvs*) + case $cc_basename in + cxx*) + lt_prog_compiler_pic_CXX='-W c,exportall' + ;; + *) + ;; + esac + ;; + netbsd*) + ;; + *qnx* | *nto*) + # QNX uses GNU C++, but need to define -shared option too, otherwise + # it will coredump. + lt_prog_compiler_pic_CXX='-fPIC -shared' + ;; + osf3* | osf4* | osf5*) + case $cc_basename in + KCC*) + lt_prog_compiler_wl_CXX='--backend -Wl,' + ;; + RCC*) + # Rational C++ 2.4.1 + lt_prog_compiler_pic_CXX='-pic' + ;; + cxx*) + # Digital/Compaq C++ + lt_prog_compiler_wl_CXX='-Wl,' + # Make sure the PIC flag is empty. It appears that all Alpha + # Linux and Compaq Tru64 Unix objects are PIC. + lt_prog_compiler_pic_CXX= + lt_prog_compiler_static_CXX='-non_shared' + ;; + *) + ;; + esac + ;; + psos*) + ;; + solaris*) + case $cc_basename in + CC* | sunCC*) + # Sun C++ 4.2, 5.x and Centerline C++ + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + lt_prog_compiler_wl_CXX='-Qoption ld ' + ;; + gcx*) + # Green Hills C++ Compiler + lt_prog_compiler_pic_CXX='-PIC' + ;; + *) + ;; + esac + ;; + sunos4*) + case $cc_basename in + CC*) + # Sun C++ 4.x + lt_prog_compiler_pic_CXX='-pic' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + lcc*) + # Lucid + lt_prog_compiler_pic_CXX='-pic' + ;; + *) + ;; + esac + ;; + sysv5* | unixware* | sco3.2v5* | sco5v6* | OpenUNIX*) + case $cc_basename in + CC*) + lt_prog_compiler_wl_CXX='-Wl,' + lt_prog_compiler_pic_CXX='-KPIC' + lt_prog_compiler_static_CXX='-Bstatic' + ;; + esac + ;; + tandem*) + case $cc_basename in + NCC*) + # NonStop-UX NCC 3.20 + lt_prog_compiler_pic_CXX='-KPIC' + ;; + *) + ;; + esac + ;; + vxworks*) + ;; + *) + lt_prog_compiler_can_build_shared_CXX=no + ;; + esac + fi + +case $host_os in + # For platforms that do not support PIC, -DPIC is meaningless: + *djgpp*) + lt_prog_compiler_pic_CXX= + ;; + *) + lt_prog_compiler_pic_CXX="$lt_prog_compiler_pic_CXX -DPIC" + ;; +esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $compiler option to produce PIC" >&5 +$as_echo_n "checking for $compiler option to produce PIC... " >&6; } +if ${lt_cv_prog_compiler_pic_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_CXX=$lt_prog_compiler_pic_CXX +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_pic_CXX" >&6; } +lt_prog_compiler_pic_CXX=$lt_cv_prog_compiler_pic_CXX + +# +# Check to make sure the PIC flag actually works. +# +if test -n "$lt_prog_compiler_pic_CXX"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works" >&5 +$as_echo_n "checking if $compiler PIC flag $lt_prog_compiler_pic_CXX works... " >&6; } +if ${lt_cv_prog_compiler_pic_works_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_pic_works_CXX=no + ac_outfile=conftest.$ac_objext + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + lt_compiler_flag="$lt_prog_compiler_pic_CXX -DPIC" ## exclude from sc_useless_quotes_in_assignment + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + # The option is referenced via a variable to avoid confusing sed. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>conftest.err) + ac_status=$? + cat conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s "$ac_outfile"; then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings other than the usual output. + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' >conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if test ! -s conftest.er2 || diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_pic_works_CXX=yes + fi + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_pic_works_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_pic_works_CXX" >&6; } + +if test yes = "$lt_cv_prog_compiler_pic_works_CXX"; then + case $lt_prog_compiler_pic_CXX in + "" | " "*) ;; + *) lt_prog_compiler_pic_CXX=" $lt_prog_compiler_pic_CXX" ;; + esac +else + lt_prog_compiler_pic_CXX= + lt_prog_compiler_can_build_shared_CXX=no +fi + +fi + + + + + +# +# Check to make sure the static flag actually works. +# +wl=$lt_prog_compiler_wl_CXX eval lt_tmp_static_flag=\"$lt_prog_compiler_static_CXX\" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler static flag $lt_tmp_static_flag works" >&5 +$as_echo_n "checking if $compiler static flag $lt_tmp_static_flag works... " >&6; } +if ${lt_cv_prog_compiler_static_works_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_static_works_CXX=no + save_LDFLAGS=$LDFLAGS + LDFLAGS="$LDFLAGS $lt_tmp_static_flag" + echo "$lt_simple_link_test_code" > conftest.$ac_ext + if (eval $ac_link 2>conftest.err) && test -s conftest$ac_exeext; then + # The linker can only warn and ignore the option if not recognized + # So say no if there are warnings + if test -s conftest.err; then + # Append any errors to the config.log. + cat conftest.err 1>&5 + $ECHO "$_lt_linker_boilerplate" | $SED '/^$/d' > conftest.exp + $SED '/^$/d; /^ *+/d' conftest.err >conftest.er2 + if diff conftest.exp conftest.er2 >/dev/null; then + lt_cv_prog_compiler_static_works_CXX=yes + fi + else + lt_cv_prog_compiler_static_works_CXX=yes + fi + fi + $RM -r conftest* + LDFLAGS=$save_LDFLAGS + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_static_works_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_static_works_CXX" >&6; } + +if test yes = "$lt_cv_prog_compiler_static_works_CXX"; then + : +else + lt_prog_compiler_static_CXX= +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o_CXX=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_CXX=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; } + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if $compiler supports -c -o file.$ac_objext" >&5 +$as_echo_n "checking if $compiler supports -c -o file.$ac_objext... " >&6; } +if ${lt_cv_prog_compiler_c_o_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_prog_compiler_c_o_CXX=no + $RM -r conftest 2>/dev/null + mkdir conftest + cd conftest + mkdir out + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + lt_compiler_flag="-o out/conftest2.$ac_objext" + # Insert the option either (1) after the last *FLAGS variable, or + # (2) before a word containing "conftest.", or (3) at the end. + # Note that $ac_compile itself does not contain backslashes and begins + # with a dollar sign (not a hyphen), so the echo should work correctly. + lt_compile=`echo "$ac_compile" | $SED \ + -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ + -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ + -e 's:$: $lt_compiler_flag:'` + (eval echo "\"\$as_me:$LINENO: $lt_compile\"" >&5) + (eval "$lt_compile" 2>out/conftest.err) + ac_status=$? + cat out/conftest.err >&5 + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + if (exit $ac_status) && test -s out/conftest2.$ac_objext + then + # The compiler can only warn and ignore the option if not recognized + # So say no if there are warnings + $ECHO "$_lt_compiler_boilerplate" | $SED '/^$/d' > out/conftest.exp + $SED '/^$/d; /^ *+/d' out/conftest.err >out/conftest.er2 + if test ! -s out/conftest.er2 || diff out/conftest.exp out/conftest.er2 >/dev/null; then + lt_cv_prog_compiler_c_o_CXX=yes + fi + fi + chmod u+w . 2>&5 + $RM conftest* + # SGI C++ compiler will create directory out/ii_files/ for + # template instantiation + test -d out/ii_files && $RM out/ii_files/* && rmdir out/ii_files + $RM out/* && rmdir out + cd .. + $RM -r conftest + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_prog_compiler_c_o_CXX" >&5 +$as_echo "$lt_cv_prog_compiler_c_o_CXX" >&6; } + + + + +hard_links=nottested +if test no = "$lt_cv_prog_compiler_c_o_CXX" && test no != "$need_locks"; then + # do not overwrite the value of need_locks provided by the user + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we can lock with hard links" >&5 +$as_echo_n "checking if we can lock with hard links... " >&6; } + hard_links=yes + $RM conftest* + ln conftest.a conftest.b 2>/dev/null && hard_links=no + touch conftest.a + ln conftest.a conftest.b 2>&5 || hard_links=no + ln conftest.a conftest.b 2>/dev/null && hard_links=no + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $hard_links" >&5 +$as_echo "$hard_links" >&6; } + if test no = "$hard_links"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&5 +$as_echo "$as_me: WARNING: '$CC' does not support '-c -o', so 'make -j' may be unsafe" >&2;} + need_locks=warn + fi +else + need_locks=no +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the $compiler linker ($LD) supports shared libraries" >&5 +$as_echo_n "checking whether the $compiler linker ($LD) supports shared libraries... " >&6; } + + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms_CXX='_GLOBAL_OFFSET_TABLE_|_GLOBAL__F[ID]_.*' + case $host_os in + aix[4-9]*) + # If we're using GNU nm, then we don't want the "-C" option. + # -C means demangle to GNU nm, but means don't demangle to AIX nm. + # Without the "-l" option, or with the "-B" option, AIX nm treats + # weak defined symbols like other global defined symbols, whereas + # GNU nm marks them as "W". + # While the 'weak' keyword is ignored in the Export File, we need + # it in the Import File for the 'aix-soname' feature, so we have + # to replace the "-B" option with "-P" for AIX nm. + if $NM -V 2>&1 | $GREP 'GNU' > /dev/null; then + export_symbols_cmds_CXX='$NM -Bpg $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W")) && (substr(\$ 3,1,1) != ".")) { if (\$ 2 == "W") { print \$ 3 " weak" } else { print \$ 3 } } }'\'' | sort -u > $export_symbols' + else + export_symbols_cmds_CXX='`func_echo_all $NM | $SED -e '\''s/B\([^B]*\)$/P\1/'\''` -PCpgl $libobjs $convenience | awk '\''{ if (((\$ 2 == "T") || (\$ 2 == "D") || (\$ 2 == "B") || (\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) && (substr(\$ 1,1,1) != ".")) { if ((\$ 2 == "W") || (\$ 2 == "V") || (\$ 2 == "Z")) { print \$ 1 " weak" } else { print \$ 1 } } }'\'' | sort -u > $export_symbols' + fi + ;; + pw32*) + export_symbols_cmds_CXX=$ltdll_cmds + ;; + cygwin* | mingw* | cegcc*) + case $cc_basename in + cl*) + exclude_expsyms_CXX='_NULL_IMPORT_DESCRIPTOR|_IMPORT_DESCRIPTOR_.*' + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED -e '\''/^[BCDGRS][ ]/s/.*[ ]\([^ ]*\)/\1 DATA/;s/^.*[ ]__nm__\([^ ]*\)[ ][^ ]*/\1 DATA/;/^I[ ]/d;/^[AITW][ ]/s/.* //'\'' | sort | uniq > $export_symbols' + exclude_expsyms_CXX='[_]+GLOBAL_OFFSET_TABLE_|[_]+GLOBAL__[FID]_.*|[_]+head_[A-Za-z0-9_]+_dll|[A-Za-z0-9_]+_dll_iname' + ;; + esac + ;; + *) + export_symbols_cmds_CXX='$NM $libobjs $convenience | $global_symbol_pipe | $SED '\''s/.* //'\'' | sort | uniq > $export_symbols' + ;; + esac + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ld_shlibs_CXX" >&5 +$as_echo "$ld_shlibs_CXX" >&6; } +test no = "$ld_shlibs_CXX" && can_build_shared=no + +with_gnu_ld_CXX=$with_gnu_ld + + + + + + +# +# Do we need to explicitly link libc? +# +case "x$archive_cmds_need_lc_CXX" in +x|xyes) + # Assume -lc should be added + archive_cmds_need_lc_CXX=yes + + if test yes,yes = "$GCC,$enable_shared"; then + case $archive_cmds_CXX in + *'~'*) + # FIXME: we may have to deal with multi-command sequences. + ;; + '$CC '*) + # Test whether the compiler implicitly links with -lc since on some + # systems, -lgcc has to come before -lc. If gcc already passes -lc + # to ld, don't add -lc before -lgcc. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -lc should be explicitly linked in" >&5 +$as_echo_n "checking whether -lc should be explicitly linked in... " >&6; } +if ${lt_cv_archive_cmds_need_lc_CXX+:} false; then : + $as_echo_n "(cached) " >&6 +else + $RM conftest* + echo "$lt_simple_compile_test_code" > conftest.$ac_ext + + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$ac_compile\""; } >&5 + (eval $ac_compile) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } 2>conftest.err; then + soname=conftest + lib=conftest + libobjs=conftest.$ac_objext + deplibs= + wl=$lt_prog_compiler_wl_CXX + pic_flag=$lt_prog_compiler_pic_CXX + compiler_flags=-v + linker_flags=-v + verstring= + output_objdir=. + libname=conftest + lt_save_allow_undefined_flag=$allow_undefined_flag_CXX + allow_undefined_flag_CXX= + if { { eval echo "\"\$as_me\":${as_lineno-$LINENO}: \"$archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1\""; } >&5 + (eval $archive_cmds_CXX 2\>\&1 \| $GREP \" -lc \" \>/dev/null 2\>\&1) 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } + then + lt_cv_archive_cmds_need_lc_CXX=no + else + lt_cv_archive_cmds_need_lc_CXX=yes + fi + allow_undefined_flag_CXX=$lt_save_allow_undefined_flag + else + cat conftest.err 1>&5 + fi + $RM conftest* + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $lt_cv_archive_cmds_need_lc_CXX" >&5 +$as_echo "$lt_cv_archive_cmds_need_lc_CXX" >&6; } + archive_cmds_need_lc_CXX=$lt_cv_archive_cmds_need_lc_CXX + ;; + esac + fi + ;; +esac + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking dynamic linker characteristics" >&5 +$as_echo_n "checking dynamic linker characteristics... " >&6; } + +library_names_spec= +libname_spec='lib$name' +soname_spec= +shrext_cmds=.so +postinstall_cmds= +postuninstall_cmds= +finish_cmds= +finish_eval= +shlibpath_var= +shlibpath_overrides_runpath=unknown +version_type=none +dynamic_linker="$host_os ld.so" +sys_lib_dlsearch_path_spec="/lib /usr/lib" +need_lib_prefix=unknown +hardcode_into_libs=no + +# when you set need_version to no, make sure it does not cause -set_version +# flags to be left without arguments +need_version=unknown + + + +case $host_os in +aix3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname.a' + shlibpath_var=LIBPATH + + # AIX 3 has no versioning support, so we append a major version to the name. + soname_spec='$libname$release$shared_ext$major' + ;; + +aix[4-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + hardcode_into_libs=yes + if test ia64 = "$host_cpu"; then + # AIX 5 supports IA64 + library_names_spec='$libname$release$shared_ext$major $libname$release$shared_ext$versuffix $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + else + # With GCC up to 2.95.x, collect2 would create an import file + # for dependence libraries. The import file would start with + # the line '#! .'. This would cause the generated library to + # depend on '.', always an invalid library. This was fixed in + # development snapshots of GCC prior to 3.0. + case $host_os in + aix4 | aix4.[01] | aix4.[01].*) + if { echo '#if __GNUC__ > 2 || (__GNUC__ == 2 && __GNUC_MINOR__ >= 97)' + echo ' yes ' + echo '#endif'; } | $CC -E - | $GREP yes > /dev/null; then + : + else + can_build_shared=no + fi + ;; + esac + # Using Import Files as archive members, it is possible to support + # filename-based versioning of shared library archives on AIX. While + # this would work for both with and without runtime linking, it will + # prevent static linking of such archives. So we do filename-based + # shared library versioning with .so extension only, which is used + # when both runtime linking and shared linking is enabled. + # Unfortunately, runtime linking may impact performance, so we do + # not want this to be the default eventually. Also, we use the + # versioned .so libs for executables only if there is the -brtl + # linker flag in LDFLAGS as well, or --with-aix-soname=svr4 only. + # To allow for filename-based versioning support, we need to create + # libNAME.so.V as an archive file, containing: + # *) an Import File, referring to the versioned filename of the + # archive as well as the shared archive member, telling the + # bitwidth (32 or 64) of that shared object, and providing the + # list of exported symbols of that shared object, eventually + # decorated with the 'weak' keyword + # *) the shared object with the F_LOADONLY flag set, to really avoid + # it being seen by the linker. + # At run time we better use the real file rather than another symlink, + # but for link time we create the symlink libNAME.so -> libNAME.so.V + + case $with_aix_soname,$aix_use_runtimelinking in + # AIX (on Power*) has no versioning support, so currently we cannot hardcode correct + # soname into executable. Probably we can add versioning support to + # collect2, so additional links can be useful in future. + aix,yes) # traditional libtool + dynamic_linker='AIX unversionable lib.so' + # If using run time linking (on AIX 4.2 or later) use lib.so + # instead of lib.a to let people know that these are not + # typical AIX shared libraries. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + aix,no) # traditional AIX only + dynamic_linker='AIX lib.a(lib.so.V)' + # We preserve .a as extension for shared libraries through AIX4.2 + # and later when we are not doing run time linking. + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + ;; + svr4,*) # full svr4 only + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,yes) # both, prefer svr4 + dynamic_linker="AIX lib.so.V($shared_archive_member_spec.o), lib.a(lib.so.V)" + library_names_spec='$libname$release$shared_ext$major $libname$shared_ext' + # unpreferred sharedlib libNAME.a needs extra handling + postinstall_cmds='test -n "$linkname" || linkname="$realname"~func_stripname "" ".so" "$linkname"~$install_shared_prog "$dir/$func_stripname_result.$libext" "$destdir/$func_stripname_result.$libext"~test -z "$tstripme" || test -z "$striplib" || $striplib "$destdir/$func_stripname_result.$libext"' + postuninstall_cmds='for n in $library_names $old_library; do :; done~func_stripname "" ".so" "$n"~test "$func_stripname_result" = "$n" || func_append rmfiles " $odir/$func_stripname_result.$libext"' + # We do not specify a path in Import Files, so LIBPATH fires. + shlibpath_overrides_runpath=yes + ;; + *,no) # both, prefer aix + dynamic_linker="AIX lib.a(lib.so.V), lib.so.V($shared_archive_member_spec.o)" + library_names_spec='$libname$release.a $libname.a' + soname_spec='$libname$release$shared_ext$major' + # unpreferred sharedlib libNAME.so.V and symlink libNAME.so need extra handling + postinstall_cmds='test -z "$dlname" || $install_shared_prog $dir/$dlname $destdir/$dlname~test -z "$tstripme" || test -z "$striplib" || $striplib $destdir/$dlname~test -n "$linkname" || linkname=$realname~func_stripname "" ".a" "$linkname"~(cd "$destdir" && $LN_S -f $dlname $func_stripname_result.so)' + postuninstall_cmds='test -z "$dlname" || func_append rmfiles " $odir/$dlname"~for n in $old_library $library_names; do :; done~func_stripname "" ".a" "$n"~func_append rmfiles " $odir/$func_stripname_result.so"' + ;; + esac + shlibpath_var=LIBPATH + fi + ;; + +amigaos*) + case $host_cpu in + powerpc) + # Since July 2007 AmigaOS4 officially supports .so libraries. + # When compiling the executable, add -use-dynld -Lsobjs: to the compileline. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + ;; + m68k) + library_names_spec='$libname.ixlibrary $libname.a' + # Create ${libname}_ixlibrary.a entries in /sys/libs. + finish_eval='for lib in `ls $libdir/*.ixlibrary 2>/dev/null`; do libname=`func_echo_all "$lib" | $SED '\''s%^.*/\([^/]*\)\.ixlibrary$%\1%'\''`; $RM /sys/libs/${libname}_ixlibrary.a; $show "cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a"; cd /sys/libs && $LN_S $lib ${libname}_ixlibrary.a || exit 1; done' + ;; + esac + ;; + +beos*) + library_names_spec='$libname$shared_ext' + dynamic_linker="$host_os ld.so" + shlibpath_var=LIBRARY_PATH + ;; + +bsdi[45]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/shlib /usr/lib /usr/X11/lib /usr/contrib/lib /lib /usr/local/lib" + sys_lib_dlsearch_path_spec="/shlib /usr/lib /usr/local/lib" + # the default ld.so.conf also contains /usr/contrib/lib and + # /usr/X11R6/lib (/usr/X11 is a link to /usr/X11R6), but let us allow + # libtool to hard-code these into programs + ;; + +cygwin* | mingw* | pw32* | cegcc*) + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + + case $GCC,$cc_basename in + yes,*) + # gcc + library_names_spec='$libname.dll.a' + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + + case $host_os in + cygwin*) + # Cygwin DLLs use 'cyg' prefix rather than 'lib' + soname_spec='`echo $libname | sed -e 's/^lib/cyg/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + + ;; + mingw* | cegcc*) + # MinGW DLLs use traditional 'lib' prefix + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + pw32*) + # pw32 DLLs use 'pw' prefix rather than 'lib' + library_names_spec='`echo $libname | sed -e 's/^lib/pw/'``echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + ;; + esac + dynamic_linker='Win32 ld.exe' + ;; + + *,cl*) + # Native MSVC + libname_spec='$name' + soname_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext' + library_names_spec='$libname.dll.lib' + + case $build_os in + mingw*) + sys_lib_search_path_spec= + lt_save_ifs=$IFS + IFS=';' + for lt_path in $LIB + do + IFS=$lt_save_ifs + # Let DOS variable expansion print the short 8.3 style file name. + lt_path=`cd "$lt_path" 2>/dev/null && cmd //C "for %i in (".") do @echo %~si"` + sys_lib_search_path_spec="$sys_lib_search_path_spec $lt_path" + done + IFS=$lt_save_ifs + # Convert to MSYS style. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | sed -e 's|\\\\|/|g' -e 's| \\([a-zA-Z]\\):| /\\1|g' -e 's|^ ||'` + ;; + cygwin*) + # Convert to unix form, then to dos form, then back to unix form + # but this time dos style (no spaces!) so that the unix form looks + # like /cygdrive/c/PROGRA~1:/cygdr... + sys_lib_search_path_spec=`cygpath --path --unix "$LIB"` + sys_lib_search_path_spec=`cygpath --path --dos "$sys_lib_search_path_spec" 2>/dev/null` + sys_lib_search_path_spec=`cygpath --path --unix "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + ;; + *) + sys_lib_search_path_spec=$LIB + if $ECHO "$sys_lib_search_path_spec" | $GREP ';[c-zC-Z]:/' >/dev/null; then + # It is most probably a Windows format PATH. + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e 's/;/ /g'` + else + sys_lib_search_path_spec=`$ECHO "$sys_lib_search_path_spec" | $SED -e "s/$PATH_SEPARATOR/ /g"` + fi + # FIXME: find the short name or the path components, as spaces are + # common. (e.g. "Program Files" -> "PROGRA~1") + ;; + esac + + # DLL is installed to $(libdir)/../bin by postinstall_cmds + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; echo \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; echo \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + shlibpath_overrides_runpath=yes + dynamic_linker='Win32 link.exe' + ;; + + *) + # Assume MSVC wrapper + library_names_spec='$libname`echo $release | $SED -e 's/[.]/-/g'`$versuffix$shared_ext $libname.lib' + dynamic_linker='Win32 ld.exe' + ;; + esac + # FIXME: first we should search . and the directory the executable is in + shlibpath_var=PATH + ;; + +darwin* | rhapsody*) + dynamic_linker="$host_os dyld" + version_type=darwin + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$major$shared_ext $libname$shared_ext' + soname_spec='$libname$release$major$shared_ext' + shlibpath_overrides_runpath=yes + shlibpath_var=DYLD_LIBRARY_PATH + shrext_cmds='`test .$module = .yes && echo .so || echo .dylib`' + + sys_lib_dlsearch_path_spec='/usr/local/lib /lib /usr/lib' + ;; + +dgux*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +freebsd* | dragonfly*) + # DragonFly does not have aout. When/if they implement a new + # versioning mechanism, adjust this. + if test -x /usr/bin/objformat; then + objformat=`/usr/bin/objformat` + else + case $host_os in + freebsd[23].*) objformat=aout ;; + *) objformat=elf ;; + esac + fi + version_type=freebsd-$objformat + case $version_type in + freebsd-elf*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + need_version=no + need_lib_prefix=no + ;; + freebsd-*) + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + need_version=yes + ;; + esac + shlibpath_var=LD_LIBRARY_PATH + case $host_os in + freebsd2.*) + shlibpath_overrides_runpath=yes + ;; + freebsd3.[01]* | freebsdelf3.[01]*) + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + freebsd3.[2-9]* | freebsdelf3.[2-9]* | \ + freebsd4.[0-5] | freebsdelf4.[0-5] | freebsd4.1.1 | freebsdelf4.1.1) + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + *) # from 4.6 on, and DragonFly + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + esac + ;; + +haiku*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + dynamic_linker="$host_os runtime_loader" + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LIBRARY_PATH + shlibpath_overrides_runpath=no + sys_lib_dlsearch_path_spec='/boot/home/config/lib /boot/common/lib /boot/system/lib' + hardcode_into_libs=yes + ;; + +hpux9* | hpux10* | hpux11*) + # Give a soname corresponding to the major version so that dld.sl refuses to + # link against other versions. + version_type=sunos + need_lib_prefix=no + need_version=no + case $host_cpu in + ia64*) + shrext_cmds='.so' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.so" + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + if test 32 = "$HPUX_IA64_MODE"; then + sys_lib_search_path_spec="/usr/lib/hpux32 /usr/local/lib/hpux32 /usr/local/lib" + sys_lib_dlsearch_path_spec=/usr/lib/hpux32 + else + sys_lib_search_path_spec="/usr/lib/hpux64 /usr/local/lib/hpux64" + sys_lib_dlsearch_path_spec=/usr/lib/hpux64 + fi + ;; + hppa*64*) + shrext_cmds='.sl' + hardcode_into_libs=yes + dynamic_linker="$host_os dld.sl" + shlibpath_var=LD_LIBRARY_PATH # How should we handle SHLIB_PATH + shlibpath_overrides_runpath=yes # Unless +noenvvar is specified. + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + sys_lib_search_path_spec="/usr/lib/pa20_64 /usr/ccs/lib/pa20_64" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + *) + shrext_cmds='.sl' + dynamic_linker="$host_os dld.sl" + shlibpath_var=SHLIB_PATH + shlibpath_overrides_runpath=no # +s is required to enable SHLIB_PATH + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + ;; + esac + # HP-UX runs *really* slowly unless shared libraries are mode 555, ... + postinstall_cmds='chmod 555 $lib' + # or fails outright, so override atomically: + install_override_mode=555 + ;; + +interix[3-9]*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='Interix 3.x ld.so.1 (PE, like ELF)' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +irix5* | irix6* | nonstopux*) + case $host_os in + nonstopux*) version_type=nonstopux ;; + *) + if test yes = "$lt_cv_prog_gnu_ld"; then + version_type=linux # correct to gnu/linux during the next big refactor + else + version_type=irix + fi ;; + esac + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$release$shared_ext $libname$shared_ext' + case $host_os in + irix5* | nonstopux*) + libsuff= shlibsuff= + ;; + *) + case $LD in # libtool.m4 will add one of these switches to LD + *-32|*"-32 "|*-melf32bsmip|*"-melf32bsmip ") + libsuff= shlibsuff= libmagic=32-bit;; + *-n32|*"-n32 "|*-melf32bmipn32|*"-melf32bmipn32 ") + libsuff=32 shlibsuff=N32 libmagic=N32;; + *-64|*"-64 "|*-melf64bmip|*"-melf64bmip ") + libsuff=64 shlibsuff=64 libmagic=64-bit;; + *) libsuff= shlibsuff= libmagic=never-match;; + esac + ;; + esac + shlibpath_var=LD_LIBRARY${shlibsuff}_PATH + shlibpath_overrides_runpath=no + sys_lib_search_path_spec="/usr/lib$libsuff /lib$libsuff /usr/local/lib$libsuff" + sys_lib_dlsearch_path_spec="/usr/lib$libsuff /lib$libsuff" + hardcode_into_libs=yes + ;; + +# No shared lib support for Linux oldld, aout, or coff. +linux*oldld* | linux*aout* | linux*coff*) + dynamic_linker=no + ;; + +linux*android*) + version_type=none # Android doesn't support versioned libraries. + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext' + soname_spec='$libname$release$shared_ext' + finish_cmds= + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + dynamic_linker='Android linker' + # Don't embed -rpath directories since the linker doesn't support them. + hardcode_libdir_flag_spec_CXX='-L$libdir' + ;; + +# This must be glibc/ELF. +linux* | k*bsd*-gnu | kopensolaris*-gnu | gnu*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -n $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + + # Some binutils ld are patched to set DT_RUNPATH + if ${lt_cv_shlibpath_overrides_runpath+:} false; then : + $as_echo_n "(cached) " >&6 +else + lt_cv_shlibpath_overrides_runpath=no + save_LDFLAGS=$LDFLAGS + save_libdir=$libdir + eval "libdir=/foo; wl=\"$lt_prog_compiler_wl_CXX\"; \ + LDFLAGS=\"\$LDFLAGS $hardcode_libdir_flag_spec_CXX\"" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + if ($OBJDUMP -p conftest$ac_exeext) 2>/dev/null | grep "RUNPATH.*$libdir" >/dev/null; then : + lt_cv_shlibpath_overrides_runpath=yes +fi +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LDFLAGS=$save_LDFLAGS + libdir=$save_libdir + +fi + + shlibpath_overrides_runpath=$lt_cv_shlibpath_overrides_runpath + + # This implies no fast_install, which is unacceptable. + # Some rework will be needed to allow for fast_install + # before this can be enabled. + hardcode_into_libs=yes + + # Ideally, we could use ldconfig to report *all* directores which are + # searched for libraries, however this is still not possible. Aside from not + # being certain /sbin/ldconfig is available, command + # 'ldconfig -N -X -v | grep ^/' on 64bit Fedora does not report /usr/lib64, + # even though it is searched at run-time. Try to do the best guess by + # appending ld.so.conf contents (and includes) to the search path. + if test -f /etc/ld.so.conf; then + lt_ld_extra=`awk '/^include / { system(sprintf("cd /etc; cat %s 2>/dev/null", \$2)); skip = 1; } { if (!skip) print \$0; skip = 0; }' < /etc/ld.so.conf | $SED -e 's/#.*//;/^[ ]*hwcap[ ]/d;s/[:, ]/ /g;s/=[^=]*$//;s/=[^= ]* / /g;s/"//g;/^$/d' | tr '\n' ' '` + sys_lib_dlsearch_path_spec="/lib /usr/lib $lt_ld_extra" + fi + + # We used to test for /lib/ld.so.1 and disable shared libraries on + # powerpc, because MkLinux only supported shared libraries with the + # GNU dynamic linker. Since this was broken with cross compilers, + # most powerpc-linux boxes support dynamic linking these days and + # people can always --disable-shared, the test was removed, and we + # assume the GNU/Linux dynamic linker is in use. + dynamic_linker='GNU/Linux ld.so' + ;; + +netbsd*) + version_type=sunos + need_lib_prefix=no + need_version=no + if echo __ELF__ | $CC -E - | $GREP __ELF__ >/dev/null; then + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + dynamic_linker='NetBSD (a.out) ld.so' + else + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + dynamic_linker='NetBSD ld.elf_so' + fi + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + ;; + +newsos6) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +*nto* | *qnx*) + version_type=qnx + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + dynamic_linker='ldqnx.so' + ;; + +openbsd* | bitrig*) + version_type=sunos + sys_lib_dlsearch_path_spec=/usr/lib + need_lib_prefix=no + if test -z "`echo __ELF__ | $CC -E - | $GREP __ELF__`"; then + need_version=no + else + need_version=yes + fi + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/sbin" ldconfig -m $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + ;; + +os2*) + libname_spec='$name' + version_type=windows + shrext_cmds=.dll + need_version=no + need_lib_prefix=no + # OS/2 can only load a DLL with a base name of 8 characters or less. + soname_spec='`test -n "$os2dllname" && libname="$os2dllname"; + v=$($ECHO $release$versuffix | tr -d .-); + n=$($ECHO $libname | cut -b -$((8 - ${#v})) | tr . _); + $ECHO $n$v`$shared_ext' + library_names_spec='${libname}_dll.$libext' + dynamic_linker='OS/2 ld.exe' + shlibpath_var=BEGINLIBPATH + sys_lib_search_path_spec="/lib /usr/lib /usr/local/lib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + postinstall_cmds='base_file=`basename \$file`~ + dlpath=`$SHELL 2>&1 -c '\''. $dir/'\''\$base_file'\''i; $ECHO \$dlname'\''`~ + dldir=$destdir/`dirname \$dlpath`~ + test -d \$dldir || mkdir -p \$dldir~ + $install_prog $dir/$dlname \$dldir/$dlname~ + chmod a+x \$dldir/$dlname~ + if test -n '\''$stripme'\'' && test -n '\''$striplib'\''; then + eval '\''$striplib \$dldir/$dlname'\'' || exit \$?; + fi' + postuninstall_cmds='dldll=`$SHELL 2>&1 -c '\''. $file; $ECHO \$dlname'\''`~ + dlpath=$dir/\$dldll~ + $RM \$dlpath' + ;; + +osf3* | osf4* | osf5*) + version_type=osf + need_lib_prefix=no + need_version=no + soname_spec='$libname$release$shared_ext$major' + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + sys_lib_search_path_spec="/usr/shlib /usr/ccs/lib /usr/lib/cmplrs/cc /usr/lib /usr/local/lib /var/shlib" + sys_lib_dlsearch_path_spec=$sys_lib_search_path_spec + ;; + +rdos*) + dynamic_linker=no + ;; + +solaris*) + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + # ldd complains unless libraries are executable + postinstall_cmds='chmod +x $lib' + ;; + +sunos4*) + version_type=sunos + library_names_spec='$libname$release$shared_ext$versuffix $libname$shared_ext$versuffix' + finish_cmds='PATH="\$PATH:/usr/etc" ldconfig $libdir' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + if test yes = "$with_gnu_ld"; then + need_lib_prefix=no + fi + need_version=yes + ;; + +sysv4 | sysv4.3*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + case $host_vendor in + sni) + shlibpath_overrides_runpath=no + need_lib_prefix=no + runpath_var=LD_RUN_PATH + ;; + siemens) + need_lib_prefix=no + ;; + motorola) + need_lib_prefix=no + need_version=no + shlibpath_overrides_runpath=no + sys_lib_search_path_spec='/lib /usr/lib /usr/ccs/lib' + ;; + esac + ;; + +sysv4*MP*) + if test -d /usr/nec; then + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$shared_ext.$versuffix $libname$shared_ext.$major $libname$shared_ext' + soname_spec='$libname$shared_ext.$major' + shlibpath_var=LD_LIBRARY_PATH + fi + ;; + +sysv5* | sco3.2v5* | sco5v6* | unixware* | OpenUNIX* | sysv4*uw2*) + version_type=sco + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=yes + hardcode_into_libs=yes + if test yes = "$with_gnu_ld"; then + sys_lib_search_path_spec='/usr/local/lib /usr/gnu/lib /usr/ccs/lib /usr/lib /lib' + else + sys_lib_search_path_spec='/usr/ccs/lib /usr/lib' + case $host_os in + sco3.2v5*) + sys_lib_search_path_spec="$sys_lib_search_path_spec /lib" + ;; + esac + fi + sys_lib_dlsearch_path_spec='/usr/lib' + ;; + +tpf*) + # TPF is a cross-target only. Preferred cross-host = GNU/Linux. + version_type=linux # correct to gnu/linux during the next big refactor + need_lib_prefix=no + need_version=no + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + shlibpath_var=LD_LIBRARY_PATH + shlibpath_overrides_runpath=no + hardcode_into_libs=yes + ;; + +uts4*) + version_type=linux # correct to gnu/linux during the next big refactor + library_names_spec='$libname$release$shared_ext$versuffix $libname$release$shared_ext$major $libname$shared_ext' + soname_spec='$libname$release$shared_ext$major' + shlibpath_var=LD_LIBRARY_PATH + ;; + +*) + dynamic_linker=no + ;; +esac +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $dynamic_linker" >&5 +$as_echo "$dynamic_linker" >&6; } +test no = "$dynamic_linker" && can_build_shared=no + +variables_saved_for_relink="PATH $shlibpath_var $runpath_var" +if test yes = "$GCC"; then + variables_saved_for_relink="$variables_saved_for_relink GCC_EXEC_PREFIX COMPILER_PATH LIBRARY_PATH" +fi + +if test set = "${lt_cv_sys_lib_search_path_spec+set}"; then + sys_lib_search_path_spec=$lt_cv_sys_lib_search_path_spec +fi + +if test set = "${lt_cv_sys_lib_dlsearch_path_spec+set}"; then + sys_lib_dlsearch_path_spec=$lt_cv_sys_lib_dlsearch_path_spec +fi + +# remember unaugmented sys_lib_dlsearch_path content for libtool script decls... +configure_time_dlsearch_path=$sys_lib_dlsearch_path_spec + +# ... but it needs LT_SYS_LIBRARY_PATH munging for other configure-time code +func_munge_path_list sys_lib_dlsearch_path_spec "$LT_SYS_LIBRARY_PATH" + +# to be used as default LT_SYS_LIBRARY_PATH value in generated libtool +configure_time_lt_sys_library_path=$LT_SYS_LIBRARY_PATH + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking how to hardcode library paths into programs" >&5 +$as_echo_n "checking how to hardcode library paths into programs... " >&6; } +hardcode_action_CXX= +if test -n "$hardcode_libdir_flag_spec_CXX" || + test -n "$runpath_var_CXX" || + test yes = "$hardcode_automatic_CXX"; then + + # We can hardcode non-existent directories. + if test no != "$hardcode_direct_CXX" && + # If the only mechanism to avoid hardcoding is shlibpath_var, we + # have to relink, otherwise we might link with an installed library + # when we should be linking with a yet-to-be-installed one + ## test no != "$_LT_TAGVAR(hardcode_shlibpath_var, CXX)" && + test no != "$hardcode_minus_L_CXX"; then + # Linking always hardcodes the temporary library directory. + hardcode_action_CXX=relink + else + # We can link without hardcoding, and we can hardcode nonexisting dirs. + hardcode_action_CXX=immediate + fi +else + # We cannot hardcode anything, or else we can only hardcode existing + # directories. + hardcode_action_CXX=unsupported +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $hardcode_action_CXX" >&5 +$as_echo "$hardcode_action_CXX" >&6; } + +if test relink = "$hardcode_action_CXX" || + test yes = "$inherit_rpath_CXX"; then + # Fast installation is not supported + enable_fast_install=no +elif test yes = "$shlibpath_overrides_runpath" || + test no = "$enable_shared"; then + # Fast installation is not necessary + enable_fast_install=needless +fi + + + + + + + + fi # test -n "$compiler" + + CC=$lt_save_CC + CFLAGS=$lt_save_CFLAGS + LDCXX=$LD + LD=$lt_save_LD + GCC=$lt_save_GCC + with_gnu_ld=$lt_save_with_gnu_ld + lt_cv_path_LDCXX=$lt_cv_path_LD + lt_cv_path_LD=$lt_save_path_LD + lt_cv_prog_gnu_ldcxx=$lt_cv_prog_gnu_ld + lt_cv_prog_gnu_ld=$lt_save_with_gnu_ld +fi # test yes != "$_lt_caught_CXX_error" + +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + + + + + + + + + + + + + + + ac_config_commands="$ac_config_commands libtool" + + + + +# Only expand once: + + + +CFLAGS="-g -O3 -Wall -Wextra -Wshadow -Wno-unused-parameter $CFLAGS" +CXXFLAGS="-g -O3 -Wall -Wextra -Wshadow -Wno-unused-parameter -Wmissing-declarations -Wredundant-decls $CXXFLAGS" + + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in libsodium" >&5 +$as_echo_n "checking whether we will be linking in libsodium... " >&6; } + +# Check whether --with-libsodium was given. +if test "${with_libsodium+set}" = set; then : + withval=$with_libsodium; with_libsodium=$withval +else + with_libsodium=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_libsodium" >&5 +$as_echo "$with_libsodium" >&6; } + + if test "x$with_libsodium" != "xno"; then : + + if test "x$with_libsodium" = "xyes" -o "x$with_libsodium" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSODIUM" >&5 +$as_echo_n "checking for LIBSODIUM... " >&6; } + +if test -n "$LIBSODIUM_CFLAGS"; then + pkg_cv_LIBSODIUM_CFLAGS="$LIBSODIUM_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsodium\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsodium") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSODIUM_CFLAGS=`$PKG_CONFIG --cflags "libsodium" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBSODIUM_LIBS"; then + pkg_cv_LIBSODIUM_LIBS="$LIBSODIUM_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libsodium\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libsodium") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSODIUM_LIBS=`$PKG_CONFIG --libs "libsodium" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBSODIUM_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libsodium" 2>&1` + else + LIBSODIUM_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libsodium" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBSODIUM_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LIBSODIUM_CFLAGS=$pkg_cv_LIBSODIUM_CFLAGS + LIBSODIUM_LIBS=$pkg_cv_LIBSODIUM_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LIBSODIUM 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$LIBSODIUM_CFLAGS $CFLAGS" + LIBS="$LIBSODIUM_LIBS $LIBS" + for ac_func in crypto_box_easy_afternm crypto_box_curve25519xchacha20poly1305_easy randombytes_stir sodium_memcmp crypto_shorthash +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + +fi + +fi + +fi + if test "x$LIBSODIUM_LIBS" != "x"; then + LIBSODIUM_TRUE= + LIBSODIUM_FALSE='#' +else + LIBSODIUM_TRUE='#' + LIBSODIUM_FALSE= +fi + + if test "x$with_libsodium" = "xyes"; then : + + if test x"$LIBSODIUM_LIBS" = "x"; then : + + as_fn_error $? "libsodium requested but libraries were not found" "$LINENO" 5 + +fi + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will have dnstap" >&5 +$as_echo_n "checking whether we will have dnstap... " >&6; } + # Check whether --enable-dnstap was given. +if test "${enable_dnstap+set}" = set; then : + enableval=$enable_dnstap; enable_dnstap=$enableval +else + enable_dnstap=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dnstap" >&5 +$as_echo "$enable_dnstap" >&6; } + + if test "x$enable_dnstap" != "xno"; then : + + if test "x$enable_dnstap" = "xyes" -o "x$enable_dnstap" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for FSTRM" >&5 +$as_echo_n "checking for FSTRM... " >&6; } + +if test -n "$FSTRM_CFLAGS"; then + pkg_cv_FSTRM_CFLAGS="$FSTRM_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libfstrm\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libfstrm") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_FSTRM_CFLAGS=`$PKG_CONFIG --cflags "libfstrm" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$FSTRM_LIBS"; then + pkg_cv_FSTRM_LIBS="$FSTRM_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libfstrm\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libfstrm") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_FSTRM_LIBS=`$PKG_CONFIG --libs "libfstrm" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + FSTRM_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libfstrm" 2>&1` + else + FSTRM_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libfstrm" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$FSTRM_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + FSTRM_CFLAGS=$pkg_cv_FSTRM_CFLAGS + FSTRM_LIBS=$pkg_cv_FSTRM_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_FSTRM 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$FSTRM_CFLAGS $CFLAGS" + LIBS="$FSTRM_LIBS $LIBS" + for ac_func in fstrm_tcp_writer_init +do : + ac_fn_cxx_check_func "$LINENO" "fstrm_tcp_writer_init" "ac_cv_func_fstrm_tcp_writer_init" +if test "x$ac_cv_func_fstrm_tcp_writer_init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_FSTRM_TCP_WRITER_INIT 1 +_ACEOF + +fi +done + + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + +fi + +fi + +fi + + if test "x$FSTRM_LIBS" != "x"; then + FSTRM_TRUE= + FSTRM_FALSE='#' +else + FSTRM_TRUE='#' + FSTRM_FALSE= +fi + + if test "x$enable_dnstap" = "xyes"; then : + + if test x"$FSTRM_LIBS" = "x"; then : + + as_fn_error $? "dnstap requested but libfstrm was not found" "$LINENO" 5 + +fi + +fi + + + # Extract the first word of "ragel", so it can be a program name with args. +set dummy ragel; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_RAGEL+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$RAGEL"; then + ac_cv_prog_RAGEL="$RAGEL" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_RAGEL="ragel" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +RAGEL=$ac_cv_prog_RAGEL +if test -n "$RAGEL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RAGEL" >&5 +$as_echo "$RAGEL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "x$RAGEL" = "x"; then + if test ! -f "${srcdir}/dnslabeltext.cc"; then + as_fn_error $? "ragel is missing and you don't have ${srcdir}/dnslabeltext.cc. Install ragel or download sources from www.dnsdist.org" "$LINENO" 5 + fi + fi + + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBEDIT" >&5 +$as_echo_n "checking for LIBEDIT... " >&6; } + +if test -n "$LIBEDIT_CFLAGS"; then + pkg_cv_LIBEDIT_CFLAGS="$LIBEDIT_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libedit") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBEDIT_CFLAGS=`$PKG_CONFIG --cflags "libedit" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBEDIT_LIBS"; then + pkg_cv_LIBEDIT_LIBS="$LIBEDIT_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libedit\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libedit") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBEDIT_LIBS=`$PKG_CONFIG --libs "libedit" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libedit" 2>&1` + else + LIBEDIT_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libedit" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBEDIT_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libedit) were not met: + +$LIBEDIT_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables LIBEDIT_CFLAGS +and LIBEDIT_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables LIBEDIT_CFLAGS +and LIBEDIT_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + LIBEDIT_CFLAGS=$pkg_cv_LIBEDIT_CFLAGS + LIBEDIT_LIBS=$pkg_cv_LIBEDIT_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + + OLD_LIBS="$LIBS"; LIBS="" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing clock_gettime" >&5 +$as_echo_n "checking for library containing clock_gettime... " >&6; } +if ${ac_cv_search_clock_gettime+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char clock_gettime (); +int +main () +{ +return clock_gettime (); + ; + return 0; +} +_ACEOF +for ac_lib in '' rt; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_clock_gettime=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_clock_gettime+:} false; then : + break +fi +done +if ${ac_cv_search_clock_gettime+:} false; then : + +else + ac_cv_search_clock_gettime=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_clock_gettime" >&5 +$as_echo "$ac_cv_search_clock_gettime" >&6; } +ac_res=$ac_cv_search_clock_gettime +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_CLOCK_GETTIME 1" >>confdefs.h + +fi + + RT_LIBS=$LIBS + + LIBS="$OLD_LIBS" + + + + THREADFLAGS="" + + case "$host_os" in + solaris2.1*) + LIBS="-lposix4 -lpthread $LIBS" + CXXFLAGS="-D_REENTRANT $CXXFLAGS" + have_solaris="yes" + ;; + solaris2.8 | solaris2.9 ) + +$as_echo "#define NEED_POSIX_TYPEDEF /**/" >>confdefs.h + + +$as_echo "#define NEED_INET_NTOP_PROTO /**/" >>confdefs.h + + LIBS="-lposix4 -lpthread $LIBS" + CXXFLAGS="-D_REENTRANT $CXXFLAGS" + have_solaris="yes" + ;; + linux*) + THREADFLAGS="-pthread" + have_linux="yes" + ;; + darwin*) + CXXFLAGS="-D__APPLE_USE_RFC_3542 -D_XOPEN_SOURCE -D_DARWIN_C_SOURCE $CXXFLAGS" + have_darwin="yes" + ;; + freebsd*) + THREADFLAGS="-pthread" + have_freebsd="yes" + ;; + openbsd*) + THREADFLAGS="-pthread" + have_openbsd="yes" + ;; + *) + LDFLAGS="-pthread $LDFLAGS" + CXXFLAGS="-pthread $CXXFLAGS" + ;; + esac + + if test "x$have_freebsd" = "xyes"; then + HAVE_FREEBSD_TRUE= + HAVE_FREEBSD_FALSE='#' +else + HAVE_FREEBSD_TRUE='#' + HAVE_FREEBSD_FALSE= +fi + + if test "x$have_openbsd" = "xyes"; then + HAVE_OPENBSD_TRUE= + HAVE_OPENBSD_FALSE='#' +else + HAVE_OPENBSD_TRUE='#' + HAVE_OPENBSD_FALSE= +fi + + if test "x$have_linux" = "xyes"; then + HAVE_LINUX_TRUE= + HAVE_LINUX_FALSE='#' +else + HAVE_LINUX_TRUE='#' + HAVE_LINUX_FALSE= +fi + + if test "x$have_darwin" = "xyes"; then + HAVE_DARWIN_TRUE= + HAVE_DARWIN_FALSE='#' +else + HAVE_DARWIN_TRUE='#' + HAVE_DARWIN_FALSE= +fi + + if test "x$have_solaris" = "xyes"; then + HAVE_SOLARIS_TRUE= + HAVE_SOLARIS_FALSE='#' +else + HAVE_SOLARIS_TRUE='#' + HAVE_SOLARIS_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether -latomic is needed for __atomic builtins" >&5 +$as_echo_n "checking whether -latomic is needed for __atomic builtins... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +else + LIBS="$LIBS -latomic" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +uint64_t val = 0; __atomic_add_fetch(&val, 1, __ATOMIC_RELAXED); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "libatomic needed, but linking with -latomic failed, cannot continue +See \`config.log' for more details" "$LINENO" 5; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + + + DYNLINKFLAGS=-export-dynamic + + + + stored_LIBS="$LIBS" + LIBS="-lpthread" + # pthread setname (4 non-portable variants...) + for ac_header in pthread_np.h +do : + ac_fn_cxx_check_header_compile "$LINENO" "pthread_np.h" "ac_cv_header_pthread_np_h" "#include +" +if test "x$ac_cv_header_pthread_np_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_NP_H 1 +_ACEOF + +fi + +done + + + # 2-arg setname (e.g. Linux/glibc, QNX, IBM) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 2-arg pthread_setname_np" >&5 +$as_echo_n "checking for 2-arg pthread_setname_np... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #if HAVE_PTHREAD_NP_H + # include + #endif + +int +main () +{ + + pthread_setname_np(pthread_self(), "foo") + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_PTHREAD_SETNAME_NP_2 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # 2-arg set_name (e.g. FreeBSD, OpenBSD) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 2-arg pthread_set_name_np" >&5 +$as_echo_n "checking for 2-arg pthread_set_name_np... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #if HAVE_PTHREAD_NP_H + # include + #endif + +int +main () +{ + + return pthread_set_name_np(pthread_self(), "foo"); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_PTHREAD_SET_NAME_NP_2 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # 2-arg void set_name (e.g. FreeBSD, OpenBSD) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 2-arg void pthread_set_name_np" >&5 +$as_echo_n "checking for 2-arg void pthread_set_name_np... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #if HAVE_PTHREAD_NP_H + # include + #endif + +int +main () +{ + + pthread_set_name_np(pthread_self(), "foo"); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_PTHREAD_SET_NAME_NP_2_VOID 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # 1-arg setname (e.g. Darwin) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 1-arg pthread_setname_np" >&5 +$as_echo_n "checking for 1-arg pthread_setname_np... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #if HAVE_PTHREAD_NP_H + # include + #endif + +int +main () +{ + + return pthread_setname_np("foo"); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_PTHREAD_SETNAME_NP_1 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + # 3-arg setname (e.g. NetBSD) + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for 3-arg pthread_setname_np" >&5 +$as_echo_n "checking for 3-arg pthread_setname_np... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include + #if HAVE_PTHREAD_NP_H + # include + #endif + +int +main () +{ + + return pthread_setname_np(pthread_self(), "foo", NULL); + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + +$as_echo "#define HAVE_PTHREAD_SETNAME_NP_3 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + LIBS=$stored_LIBS + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing inet_aton" >&5 +$as_echo_n "checking for library containing inet_aton... " >&6; } +if ${ac_cv_search_inet_aton+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char inet_aton (); +int +main () +{ +return inet_aton (); + ; + return 0; +} +_ACEOF +for ac_lib in '' resolv; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_inet_aton=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_inet_aton+:} false; then : + break +fi +done +if ${ac_cv_search_inet_aton+:} false; then : + +else + ac_cv_search_inet_aton=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_inet_aton" >&5 +$as_echo "$ac_cv_search_inet_aton" >&6; } +ac_res=$ac_cv_search_inet_aton +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostbyname" >&5 +$as_echo_n "checking for library containing gethostbyname... " >&6; } +if ${ac_cv_search_gethostbyname+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostbyname (); +int +main () +{ +return gethostbyname (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_gethostbyname=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gethostbyname+:} false; then : + break +fi +done +if ${ac_cv_search_gethostbyname+:} false; then : + +else + ac_cv_search_gethostbyname=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostbyname" >&5 +$as_echo "$ac_cv_search_gethostbyname" >&6; } +ac_res=$ac_cv_search_gethostbyname +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing socket" >&5 +$as_echo_n "checking for library containing socket... " >&6; } +if ${ac_cv_search_socket+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char socket (); +int +main () +{ +return socket (); + ; + return 0; +} +_ACEOF +for ac_lib in '' socket; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_socket=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_socket+:} false; then : + break +fi +done +if ${ac_cv_search_socket+:} false; then : + +else + ac_cv_search_socket=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_socket" >&5 +$as_echo "$ac_cv_search_socket" >&6; } +ac_res=$ac_cv_search_socket +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing gethostent" >&5 +$as_echo_n "checking for library containing gethostent... " >&6; } +if ${ac_cv_search_gethostent+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char gethostent (); +int +main () +{ +return gethostent (); + ; + return 0; +} +_ACEOF +for ac_lib in '' nsl; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_gethostent=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_gethostent+:} false; then : + break +fi +done +if ${ac_cv_search_gethostent+:} false; then : + +else + ac_cv_search_gethostent=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_gethostent" >&5 +$as_echo "$ac_cv_search_gethostent" >&6; } +ac_res=$ac_cv_search_gethostent +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +fi + + for ac_func in recvmmsg sendmmsg accept4 +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_setaffinity_np" >&5 +$as_echo_n "checking for library containing pthread_setaffinity_np... " >&6; } +if ${ac_cv_search_pthread_setaffinity_np+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_setaffinity_np (); +int +main () +{ +return pthread_setaffinity_np (); + ; + return 0; +} +_ACEOF +for ac_lib in '' pthread; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_pthread_setaffinity_np=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_pthread_setaffinity_np+:} false; then : + break +fi +done +if ${ac_cv_search_pthread_setaffinity_np+:} false; then : + +else + ac_cv_search_pthread_setaffinity_np=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_setaffinity_np" >&5 +$as_echo "$ac_cv_search_pthread_setaffinity_np" >&6; } +ac_res=$ac_cv_search_pthread_setaffinity_np +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_PTHREAD_SETAFFINITY_NP 1" >>confdefs.h + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_getattr_np" >&5 +$as_echo_n "checking for library containing pthread_getattr_np... " >&6; } +if ${ac_cv_search_pthread_getattr_np+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_getattr_np (); +int +main () +{ +return pthread_getattr_np (); + ; + return 0; +} +_ACEOF +for ac_lib in '' pthread; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_pthread_getattr_np=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_pthread_getattr_np+:} false; then : + break +fi +done +if ${ac_cv_search_pthread_getattr_np+:} false; then : + +else + ac_cv_search_pthread_getattr_np=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_getattr_np" >&5 +$as_echo "$ac_cv_search_pthread_getattr_np" >&6; } +ac_res=$ac_cv_search_pthread_getattr_np +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_PTHREAD_GETATTR_NP 1" >>confdefs.h + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_get_stackaddr_np" >&5 +$as_echo_n "checking for library containing pthread_get_stackaddr_np... " >&6; } +if ${ac_cv_search_pthread_get_stackaddr_np+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_get_stackaddr_np (); +int +main () +{ +return pthread_get_stackaddr_np (); + ; + return 0; +} +_ACEOF +for ac_lib in '' pthread; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_pthread_get_stackaddr_np=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_pthread_get_stackaddr_np+:} false; then : + break +fi +done +if ${ac_cv_search_pthread_get_stackaddr_np+:} false; then : + +else + ac_cv_search_pthread_get_stackaddr_np=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_get_stackaddr_np" >&5 +$as_echo "$ac_cv_search_pthread_get_stackaddr_np" >&6; } +ac_res=$ac_cv_search_pthread_get_stackaddr_np +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_PTHREAD_GET_STACKADDR_NP 1" >>confdefs.h + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing pthread_get_stacksize_np" >&5 +$as_echo_n "checking for library containing pthread_get_stacksize_np... " >&6; } +if ${ac_cv_search_pthread_get_stacksize_np+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char pthread_get_stacksize_np (); +int +main () +{ +return pthread_get_stacksize_np (); + ; + return 0; +} +_ACEOF +for ac_lib in '' pthread; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_pthread_get_stacksize_np=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_pthread_get_stacksize_np+:} false; then : + break +fi +done +if ${ac_cv_search_pthread_get_stacksize_np+:} false; then : + +else + ac_cv_search_pthread_get_stacksize_np=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_pthread_get_stacksize_np" >&5 +$as_echo "$ac_cv_search_pthread_get_stacksize_np" >&6; } +ac_res=$ac_cv_search_pthread_get_stacksize_np +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + +$as_echo "#define HAVE_PTHREAD_GET_STACKSIZE_NP 1" >>confdefs.h + +fi + + + + for ac_func in explicit_bzero explicit_memset +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + + +echo "$as_me: this is boost.m4 serial 36" >&5 +boost_save_IFS=$IFS +boost_version_req=1.42 +IFS=. +set x $boost_version_req 0 0 0 +IFS=$boost_save_IFS +shift +boost_version_req=`expr "$1" '*' 100000 + "$2" '*' 100 + "$3"` +boost_version_req_string=$1.$2.$3 + +# Check whether --with-boost was given. +if test "${with_boost+set}" = set; then : + withval=$with_boost; +fi +# If BOOST_ROOT is set and the user has not provided a value to +# --with-boost, then treat BOOST_ROOT as if it the user supplied it. +if test x"$BOOST_ROOT" != x; then + if test x"$with_boost" = x; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Detected BOOST_ROOT; continuing with --with-boost=$BOOST_ROOT" >&5 +$as_echo "$as_me: Detected BOOST_ROOT; continuing with --with-boost=$BOOST_ROOT" >&6;} + with_boost=$BOOST_ROOT + else + { $as_echo "$as_me:${as_lineno-$LINENO}: Detected BOOST_ROOT=$BOOST_ROOT, but overridden by --with-boost=$with_boost" >&5 +$as_echo "$as_me: Detected BOOST_ROOT=$BOOST_ROOT, but overridden by --with-boost=$with_boost" >&6;} + fi +fi +DISTCHECK_CONFIGURE_FLAGS="$DISTCHECK_CONFIGURE_FLAGS '--with-boost=$with_boost'" +boost_save_CPPFLAGS=$CPPFLAGS + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Boost headers version >= $boost_version_req_string" >&5 +$as_echo_n "checking for Boost headers version >= $boost_version_req_string... " >&6; } +if ${boost_cv_inc_path+:} false; then : + $as_echo_n "(cached) " >&6 +else + boost_cv_inc_path=no +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +#if !defined BOOST_VERSION +# error BOOST_VERSION is not defined +#elif BOOST_VERSION < $boost_version_req +# error Boost headers version < $boost_version_req +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF + # If the user provided a value to --with-boost, use it and only it. + case $with_boost in #( + ''|yes) set x '' /opt/local/include /usr/local/include /opt/include \ + /usr/include C:/Boost/include;; #( + *) set x "$with_boost/include" "$with_boost";; + esac + shift + for boost_dir + do + # Without --layout=system, Boost (or at least some versions) installs + # itself in /include/boost-. This inner loop helps to + # find headers in such directories. + # + # Any ${boost_dir}/boost-x_xx directories are searched in reverse version + # order followed by ${boost_dir}. The final '.' is a sentinel for + # searching $boost_dir" itself. Entries are whitespace separated. + # + # I didn't indent this loop on purpose (to avoid over-indented code) + boost_layout_system_search_list=`cd "$boost_dir" 2>/dev/null \ + && ls -1 | "${GREP}" '^boost-' | sort -rn -t- -k2 \ + && echo .` + for boost_inc in $boost_layout_system_search_list + do + if test x"$boost_inc" != x.; then + boost_inc="$boost_dir/$boost_inc" + else + boost_inc="$boost_dir" # Uses sentinel in boost_layout_system_search_list + fi + if test x"$boost_inc" != x; then + # We are going to check whether the version of Boost installed + # in $boost_inc is usable by running a compilation that + # #includes it. But if we pass a -I/some/path in which Boost + # is not installed, the compiler will just skip this -I and + # use other locations (either from CPPFLAGS, or from its list + # of system include directories). As a result we would use + # header installed on the machine instead of the /some/path + # specified by the user. So in that precise case (trying + # $boost_inc), make sure the version.hpp exists. + # + # Use test -e as there can be symlinks. + test -e "$boost_inc/boost/version.hpp" || continue + CPPFLAGS="$CPPFLAGS -I$boost_inc" + fi + if ac_fn_cxx_try_compile "$LINENO"; then : + boost_cv_inc_path=yes +else + boost_cv_version=no +fi +rm -f core conftest.err conftest.$ac_objext + if test x"$boost_cv_inc_path" = xyes; then + if test x"$boost_inc" != x; then + boost_cv_inc_path=$boost_inc + fi + break 2 + fi + done + done +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $boost_cv_inc_path" >&5 +$as_echo "$boost_cv_inc_path" >&6; } + case $boost_cv_inc_path in #( + no) + boost_errmsg="cannot find Boost headers version >= $boost_version_req_string" + as_fn_error $? "$boost_errmsg" "$LINENO" 5 + + ;;#( + yes) + BOOST_CPPFLAGS= + ;;#( + *) + BOOST_CPPFLAGS="-I$boost_cv_inc_path" + ;; + esac + if test x"$boost_cv_inc_path" != xno; then + +$as_echo "#define HAVE_BOOST 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for Boost's header version" >&5 +$as_echo_n "checking for Boost's header version... " >&6; } +if ${boost_cv_lib_version+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +boost-lib-version = BOOST_LIB_VERSION +_ACEOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + grep -v '#' | + grep -v '^[[:space:]]*$' | + tr -d '\r' | + tr -s '\n' ' ' | + $SED -n -e "/^boost-lib-version = /{s///;s/[\" ]//g;p;q;}" >conftest.i 2>&1; then : + boost_cv_lib_version=`cat conftest.i` +fi +rm -rf conftest* +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $boost_cv_lib_version" >&5 +$as_echo "$boost_cv_lib_version" >&6; } + # e.g. "134" for 1_34_1 or "135" for 1_35 + boost_major_version=`echo "$boost_cv_lib_version" | sed 's/_//;s/_.*//'` + case $boost_major_version in #( + '' | *[!0-9]*) + as_fn_error $? "invalid value: boost_major_version='$boost_major_version'" "$LINENO" 5 + ;; + esac +fi +CPPFLAGS=$boost_save_CPPFLAGS + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the toolset name used by Boost for $CXX" >&5 +$as_echo_n "checking for the toolset name used by Boost for $CXX... " >&6; } +if ${boost_cv_lib_tag+:} false; then : + $as_echo_n "(cached) " >&6 +else + boost_cv_lib_tag=unknown +if test x$boost_cv_inc_path != xno; then + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + # The following tests are mostly inspired by boost/config/auto_link.hpp + # The list is sorted to most recent/common to oldest compiler (in order + # to increase the likelihood of finding the right compiler with the + # least number of compilation attempt). + # Beware that some tests are sensible to the order (for instance, we must + # look for MinGW before looking for GCC3). + # I used one compilation test per compiler with a #error to recognize + # each compiler so that it works even when cross-compiling (let me know + # if you know a better approach). + # Known missing tags (known from Boost's tools/build/v2/tools/common.jam): + # como, edg, kcc, bck, mp, sw, tru, xlc + # I'm not sure about my test for `il' (be careful: Intel's ICC pre-defines + # the same defines as GCC's). + for i in \ + "defined __clang__ && __clang_major__ == 12 && __clang_minor__ == 0 @ clang120" \ + "defined __clang__ && __clang_major__ == 11 && __clang_minor__ == 1 @ clang111" \ + "defined __clang__ && __clang_major__ == 11 && __clang_minor__ == 0 @ clang110" \ + "defined __clang__ && __clang_major__ == 10 && __clang_minor__ == 0 @ clang100" \ + "defined __clang__ && __clang_major__ == 9 && __clang_minor__ == 0 @ clang90" \ + "defined __clang__ && __clang_major__ == 8 && __clang_minor__ == 0 @ clang80" \ + "defined __clang__ && __clang_major__ == 7 && __clang_minor__ == 0 @ clang70" \ + "defined __clang__ && __clang_major__ == 6 && __clang_minor__ == 0 @ clang60" \ + "defined __clang__ && __clang_major__ == 5 && __clang_minor__ == 0 @ clang50" \ + "defined __clang__ && __clang_major__ == 4 && __clang_minor__ == 0 @ clang40" \ + "defined __clang__ && __clang_major__ == 3 && __clang_minor__ == 9 @ clang39" \ + "defined __clang__ && __clang_major__ == 3 && __clang_minor__ == 8 @ clang38" \ + "defined __clang__ && __clang_major__ == 3 && __clang_minor__ == 7 @ clang37" \ + "defined __GNUC__ && __GNUC__ == 11 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw111" \ + "defined __GNUC__ && __GNUC__ == 11 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc111" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw103" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc103" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw102" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc102" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw101" \ + "defined __GNUC__ && __GNUC__ == 10 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc101" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw93" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc93" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw92" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc92" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw91" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc91" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw90" \ + "defined __GNUC__ && __GNUC__ == 9 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc90" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 5 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw85" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 5 && !defined __ICC @ gcc85" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 4 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw84" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc84" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw83" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc83" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw82" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc82" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw81" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc81" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw80" \ + "defined __GNUC__ && __GNUC__ == 8 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc80" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 4 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw74" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc74" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw73" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc73" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw72" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc72" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw71" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc71" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw70" \ + "defined __GNUC__ && __GNUC__ == 7 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc70" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 5 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw65" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 5 && !defined __ICC @ gcc65" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 4 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw64" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc64" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw63" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc63" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw62" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc62" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw61" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc61" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw60" \ + "defined __GNUC__ && __GNUC__ == 6 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc60" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 5 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw55" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 5 && !defined __ICC @ gcc55" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 4 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw54" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc54" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw53" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc53" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw52" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc52" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw51" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc51" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw50" \ + "defined __GNUC__ && __GNUC__ == 5 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc50" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 10 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw410" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 10 && !defined __ICC @ gcc410" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 9 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw49" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 9 && !defined __ICC @ gcc49" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 8 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw48" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 8 && !defined __ICC @ gcc48" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 7 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw47" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 7 && !defined __ICC @ gcc47" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 6 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw46" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 6 && !defined __ICC @ gcc46" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 5 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw45" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 5 && !defined __ICC @ gcc45" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 4 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw44" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc44" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 3 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw43" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc43" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 2 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw42" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc42" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 1 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw41" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc41" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 0 && !defined __ICC && \ + (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw40" \ + "defined __GNUC__ && __GNUC__ == 4 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc40" \ + "defined __GNUC__ && __GNUC__ == 3 && !defined __ICC \ + && (defined WIN32 || defined WINNT || defined _WIN32 || defined __WIN32 \ + || defined __WIN32__ || defined __WINNT || defined __WINNT__) @ mgw" \ + "defined __GNUC__ && __GNUC__ == 3 && __GNUC_MINOR__ == 4 && !defined __ICC @ gcc34" \ + "defined __GNUC__ && __GNUC__ == 3 && __GNUC_MINOR__ == 3 && !defined __ICC @ gcc33" \ + "defined _MSC_VER && _MSC_VER >= 1500 @ vc90" \ + "defined _MSC_VER && _MSC_VER == 1400 @ vc80" \ + "defined __GNUC__ && __GNUC__ == 3 && __GNUC_MINOR__ == 2 && !defined __ICC @ gcc32" \ + "defined _MSC_VER && _MSC_VER == 1310 @ vc71" \ + "defined __GNUC__ && __GNUC__ == 3 && __GNUC_MINOR__ == 1 && !defined __ICC @ gcc31" \ + "defined __GNUC__ && __GNUC__ == 3 && __GNUC_MINOR__ == 0 && !defined __ICC @ gcc30" \ + "defined __BORLANDC__ @ bcb" \ + "defined __ICC && (defined __unix || defined ) @ il" \ + "defined __ICL @ iw" \ + "defined _MSC_VER && _MSC_VER == 1300 @ vc7" \ + "defined __GNUC__ && __GNUC__ == 2 && __GNUC_MINOR__ == 95 && !defined __ICC @ gcc295" \ + "defined __MWERKS__ && __MWERKS__ <= 0x32FF @ cw9" \ + "defined _MSC_VER && _MSC_VER < 1300 && !defined UNDER_CE @ vc6" \ + "defined _MSC_VER && _MSC_VER < 1300 && defined UNDER_CE @ evc4" \ + "defined __MWERKS__ && __MWERKS__ <= 0x31FF @ cw8" + do + boost_tag_test=`expr "X$i" : 'X\([^@]*\) @ '` + boost_tag=`expr "X$i" : 'X[^@]* @ \(.*\)'` + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if $boost_tag_test +/* OK */ +#else +# error $boost_tag_test +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + boost_cv_lib_tag=$boost_tag; break +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + case $boost_cv_lib_tag in #( + # Some newer (>= 1.35?) versions of Boost seem to only use "gcc" as opposed + # to "gcc41" for instance. + *-gcc | *'-gcc ') :;; #( Don't re-add -gcc: it's already in there. + gcc*) + boost_tag_x= + case $host_os in #( + darwin*) + if test $boost_major_version -ge 136; then + # The `x' added in r46793 of Boost. + boost_tag_x=x + fi;; + esac + # We can specify multiple tags in this variable because it's used by + # BOOST_FIND_LIB that does a `for tag in -$boost_cv_lib_tag' ... + boost_cv_lib_tag="$boost_tag_x$boost_cv_lib_tag -${boost_tag_x}gcc" + ;; #( + unknown) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: could not figure out which toolset name to use for $CXX" >&5 +$as_echo "$as_me: WARNING: could not figure out which toolset name to use for $CXX" >&2;} + boost_cv_lib_tag= + ;; + esac +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $boost_cv_lib_tag" >&5 +$as_echo "$boost_cv_lib_tag" >&6; } +# Check whether --enable-static-boost was given. +if test "${enable_static_boost+set}" = set; then : + enableval=$enable_static_boost; enable_static_boost=yes +else + enable_static_boost=no +fi + +# Check whether we do better use `mt' even though we weren't ask to. +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#if defined _REENTRANT || defined _MT || defined __MT__ +/* use -mt */ +#else +# error MT not needed +#endif + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + boost_guess_use_mt=: +else + boost_guess_use_mt=false +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable unit test building" >&5 +$as_echo_n "checking whether to enable unit test building... " >&6; } + # Check whether --enable-unit-tests was given. +if test "${enable_unit_tests+set}" = set; then : + enableval=$enable_unit_tests; enable_unit_tests=$enableval +else + enable_unit_tests=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_unit_tests" >&5 +$as_echo "$enable_unit_tests" >&6; } + if test "x$enable_unit_tests" != "xno"; then + UNIT_TESTS_TRUE= + UNIT_TESTS_FALSE='#' +else + UNIT_TESTS_TRUE='#' + UNIT_TESTS_FALSE= +fi + + + if test "x$enable_unit_tests" != "xno"; then : + + if test x"$boost_cv_inc_path" = xno; then + { $as_echo "$as_me:${as_lineno-$LINENO}: Boost not available, not searching for the Boost unit_test_framework library" >&5 +$as_echo "$as_me: Boost not available, not searching for the Boost unit_test_framework library" >&6;} +else +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +if test x"" = "xno"; then : + not_found_header='true' +fi +if test x"$boost_cv_inc_path" = xno; then + $not_found_header +else +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +ac_fn_cxx_check_header_mongrel "$LINENO" "boost/test/unit_test.hpp" "ac_cv_header_boost_test_unit_test_hpp" "$ac_includes_default" +if test "x$ac_cv_header_boost_test_unit_test_hpp" = xyes; then : + +$as_echo "#define HAVE_BOOST_TEST_UNIT_TEST_HPP 1" >>confdefs.h + +else + $not_found_header +fi + + +CPPFLAGS=$boost_save_CPPFLAGS +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +fi + +boost_save_CPPFLAGS=$CPPFLAGS +CPPFLAGS="$CPPFLAGS $BOOST_CPPFLAGS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for the Boost unit_test_framework library" >&5 +$as_echo_n "checking for the Boost unit_test_framework library... " >&6; } +if ${boost_cv_lib_unit_test_framework+:} false; then : + $as_echo_n "(cached) " >&6 +else + boost_cv_lib_unit_test_framework=no + case "mt" in #( + (mt | mt-) boost_mt=-mt; boost_rtopt=;; #( + (mt* | mt-*) boost_mt=-mt; boost_rtopt=`expr "Xmt" : 'Xmt-*\(.*\)'`;; #( + (*) boost_mt=; boost_rtopt=mt;; + esac + if test $enable_static_boost = yes; then + boost_rtopt="s$boost_rtopt" + fi + # Find the proper debug variant depending on what we've been asked to find. + case $boost_rtopt in #( + (*d*) boost_rt_d=$boost_rtopt;; #( + (*[sgpn]*) # Insert the `d' at the right place (in between `sg' and `pn') + boost_rt_d=`echo "$boost_rtopt" | sed 's/\(s*g*\)\(p*n*\)/\1\2/'`;; #( + (*) boost_rt_d='-d';; + esac + # If the PREFERRED-RT-OPT are not empty, prepend a `-'. + test -n "$boost_rtopt" && boost_rtopt="-$boost_rtopt" + $boost_guess_use_mt && boost_mt=-mt + # Look for the abs path the static archive. + # $libext is computed by Libtool but let's make sure it's non empty. + test -z "$libext" && + as_fn_error $? "the libext variable is empty, did you invoke Libtool?" "$LINENO" 5 + boost_save_ac_objext=$ac_objext + # Generate the test file. + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +using boost::unit_test::test_suite; + test_suite* init_unit_test_suite(int argc, char ** argv) + { return NULL; } +int +main () +{ +BOOST_CHECK(2 == 2); + ; + return 0; +} +_ACEOF + if ac_fn_cxx_try_compile "$LINENO"; then : + ac_objext=do_not_rm_me_plz +else + if test x"" != x"no"; then : + + as_fn_error $? "cannot compile a test that uses Boost unit_test_framework" "$LINENO" 5 + +fi + +fi +rm -f core conftest.err conftest.$ac_objext + ac_objext=$boost_save_ac_objext + boost_failed_libs= +# Don't bother to ident the following nested for loops, only the 2 +# innermost ones matter. +for boost_lib_ in unit_test_framework; do +for boost_tag_ in -$boost_cv_lib_tag ''; do +for boost_ver_ in -$boost_cv_lib_version ''; do +for boost_mt_ in $boost_mt -mt ''; do +for boost_rtopt_ in $boost_rtopt '' -d; do + for boost_full_suffix in \ + $boost_last_suffix \ + x$boost_tag_$boost_mt_$boost_rtopt_$boost_ver_ \ + x$boost_tag_$boost_rtopt_$boost_ver_ \ + x$boost_tag_$boost_mt_$boost_ver_ \ + x$boost_tag_$boost_ver_ + do + boost_real_suffix=`echo "$boost_full_suffix" | sed 's/^x//'` + boost_lib="boost_$boost_lib_$boost_real_suffix" + # Avoid testing twice the same lib + case $boost_failed_libs in #( + (*@$boost_lib@*) continue;; + esac + # If with_boost is empty, we'll search in /lib first, which is not quite + # right so instead we'll try to a location based on where the headers are. + boost_tmp_lib=$with_boost + test x"$with_boost" = x && boost_tmp_lib=${boost_cv_inc_path%/include} + for boost_ldpath in "$boost_tmp_lib/lib" '' \ + /opt/local/lib* /usr/local/lib* /opt/lib* /usr/lib* \ + "$with_boost" C:/Boost/lib /lib* + do + # Don't waste time with directories that don't exist. + if test x"$boost_ldpath" != x && test ! -e "$boost_ldpath"; then + continue + fi + boost_save_LDFLAGS=$LDFLAGS + # Are we looking for a static library? + case $boost_ldpath:$boost_rtopt_ in #( + (*?*:*s*) # Yes (Non empty boost_ldpath + s in rt opt) + boost_cv_lib_unit_test_framework_LIBS="$boost_ldpath/lib$boost_lib.$libext" + test -e "$boost_cv_lib_unit_test_framework_LIBS" || continue;; #( + (*) # No: use -lboost_foo to find the shared library. + boost_cv_lib_unit_test_framework_LIBS="-l$boost_lib";; + esac + boost_save_LIBS=$LIBS + LIBS="$boost_cv_lib_unit_test_framework_LIBS $LIBS" + test x"$boost_ldpath" != x && LDFLAGS="$LDFLAGS -L$boost_ldpath" + rm -f conftest$ac_exeext +boost_save_ac_ext=$ac_ext +boost_use_source=: +# If we already have a .o, re-use it. We change $ac_ext so that $ac_link +# tries to link the existing object file instead of compiling from source. +test -f conftest.$ac_objext && ac_ext=$ac_objext && boost_use_source=false && + $as_echo "$as_me:${as_lineno-$LINENO}: re-using the existing conftest.$ac_objext" >&5 +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_executable_p conftest$ac_exeext + }; then : + boost_cv_lib_unit_test_framework=yes +else + if $boost_use_source; then + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + fi + boost_cv_lib_unit_test_framework=no +fi +ac_objext=$boost_save_ac_objext +ac_ext=$boost_save_ac_ext +rm -f core conftest.err conftest_ipa8_conftest.oo \ + conftest$ac_exeext + ac_objext=$boost_save_ac_objext + LDFLAGS=$boost_save_LDFLAGS + LIBS=$boost_save_LIBS + if test x"$boost_cv_lib_unit_test_framework" = xyes; then + # Check or used cached result of whether or not using -R or + # -rpath makes sense. Some implementations of ld, such as for + # Mac OSX, require -rpath but -R is the flag known to work on + # other systems. https://github.com/tsuna/boost.m4/issues/19 + if ${boost_cv_rpath_link_ldflag+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $boost_ldpath in + '') # Nothing to do. + boost_cv_rpath_link_ldflag= + boost_rpath_link_ldflag_found=yes;; + *) + for boost_cv_rpath_link_ldflag in -Wl,-R, -Wl,-rpath,; do + LDFLAGS="$boost_save_LDFLAGS -L$boost_ldpath $boost_cv_rpath_link_ldflag$boost_ldpath" + LIBS="$boost_cv_lib_unit_test_framework_LIBS $boost_save_LIBS" + rm -f conftest$ac_exeext +boost_save_ac_ext=$ac_ext +boost_use_source=: +# If we already have a .o, re-use it. We change $ac_ext so that $ac_link +# tries to link the existing object file instead of compiling from source. +test -f conftest.$ac_objext && ac_ext=$ac_objext && boost_use_source=false && + $as_echo "$as_me:${as_lineno-$LINENO}: re-using the existing conftest.$ac_objext" >&5 +if { { ac_try="$ac_link" +case "(($ac_try" in + *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; + *) ac_try_echo=$ac_try;; +esac +eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" +$as_echo "$ac_try_echo"; } >&5 + (eval "$ac_link") 2>conftest.err + ac_status=$? + if test -s conftest.err; then + grep -v '^ *+' conftest.err >conftest.er1 + cat conftest.er1 >&5 + mv -f conftest.er1 conftest.err + fi + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; } && { + test -z "$ac_cxx_werror_flag" || + test ! -s conftest.err + } && test -s conftest$ac_exeext && { + test "$cross_compiling" = yes || + $as_executable_p conftest$ac_exeext + }; then : + boost_rpath_link_ldflag_found=yes + break +else + if $boost_use_source; then + $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + fi + boost_rpath_link_ldflag_found=no +fi +ac_objext=$boost_save_ac_objext +ac_ext=$boost_save_ac_ext +rm -f core conftest.err conftest_ipa8_conftest.oo \ + conftest$ac_exeext + done + ;; + esac + if test "x$boost_rpath_link_ldflag_found" != "xyes"; then : + as_fn_error $? "Unable to determine whether to use -R or -rpath" "$LINENO" 5 +fi + LDFLAGS=$boost_save_LDFLAGS + LIBS=$boost_save_LIBS + +fi + + test x"$boost_ldpath" != x && + boost_cv_lib_unit_test_framework_LDFLAGS="-L$boost_ldpath $boost_cv_rpath_link_ldflag$boost_ldpath" + boost_cv_lib_unit_test_framework_LDPATH="$boost_ldpath" + boost_last_suffix="$boost_full_suffix" + break 7 + else + boost_failed_libs="$boost_failed_libs@$boost_lib@" + fi + done + done +done +done +done +done +done # boost_lib_ +rm -f conftest.$ac_objext + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $boost_cv_lib_unit_test_framework" >&5 +$as_echo "$boost_cv_lib_unit_test_framework" >&6; } +case $boost_cv_lib_unit_test_framework in #( + (yes) $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + +$as_echo "#define HAVE_BOOST_UNIT_TEST_FRAMEWORK 1" >>confdefs.h + BOOST_UNIT_TEST_FRAMEWORK_LDFLAGS=$boost_cv_lib_unit_test_framework_LDFLAGS + BOOST_UNIT_TEST_FRAMEWORK_LDPATH=$boost_cv_lib_unit_test_framework_LDPATH + BOOST_LDPATH=$boost_cv_lib_unit_test_framework_LDPATH + BOOST_UNIT_TEST_FRAMEWORK_LIBS=$boost_cv_lib_unit_test_framework_LIBS + ;; + (no) $as_echo "$as_me: failed program was:" >&5 +sed 's/^/| /' conftest.$ac_ext >&5 + + if test x"" != "xno"; then : + + as_fn_error $? "cannot find flags to link with the Boost unit_test_framework library (libboost-unit_test_framework)" "$LINENO" 5 + +fi + ;; +esac +CPPFLAGS=$boost_save_CPPFLAGS +ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu +fi + + + + if test "$boost_cv_lib_unit_test_framework" = "no"; then : + + as_fn_error $? "Boost Unit Test library not found" "$LINENO" 5 + +fi + +fi + + + HAVE_RE2=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we should compile in libre2 for dnsdist" >&5 +$as_echo_n "checking if we should compile in libre2 for dnsdist... " >&6; } + +# Check whether --with-re2 was given. +if test "${with_re2+set}" = set; then : + withval=$with_re2; with_re2=$withval +else + with_re2=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_re2" >&5 +$as_echo "$with_re2" >&6; } + if test "x$with_re2" = "xyes"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for RE2" >&5 +$as_echo_n "checking for RE2... " >&6; } + +if test -n "$RE2_CFLAGS"; then + pkg_cv_RE2_CFLAGS="$RE2_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"re2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "re2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_RE2_CFLAGS=`$PKG_CONFIG --cflags "re2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$RE2_LIBS"; then + pkg_cv_RE2_LIBS="$RE2_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"re2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "re2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_RE2_LIBS=`$PKG_CONFIG --libs "re2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + RE2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "re2" 2>&1` + else + RE2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "re2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$RE2_PKG_ERRORS" >&5 + + + ac_fn_cxx_check_header_mongrel "$LINENO" "re2/re2.h" "ac_cv_header_re2_re2_h" "$ac_includes_default" +if test "x$ac_cv_header_re2_re2_h" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lre2" >&5 +$as_echo_n "checking for main in -lre2... " >&6; } +if ${ac_cv_lib_re2_main+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lre2 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_lib_re2_main=yes +else + ac_cv_lib_re2_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_re2_main" >&5 +$as_echo "$ac_cv_lib_re2_main" >&6; } +if test "x$ac_cv_lib_re2_main" = xyes; then : + + HAVE_RE2=1 + RE2_LIBS="-lre2" +else + : +fi + + +fi + + + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + ac_fn_cxx_check_header_mongrel "$LINENO" "re2/re2.h" "ac_cv_header_re2_re2_h" "$ac_includes_default" +if test "x$ac_cv_header_re2_re2_h" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lre2" >&5 +$as_echo_n "checking for main in -lre2... " >&6; } +if ${ac_cv_lib_re2_main+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lre2 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_lib_re2_main=yes +else + ac_cv_lib_re2_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_re2_main" >&5 +$as_echo "$ac_cv_lib_re2_main" >&6; } +if test "x$ac_cv_lib_re2_main" = xyes; then : + + HAVE_RE2=1 + RE2_LIBS="-lre2" +else + : +fi + + +fi + + + +else + RE2_CFLAGS=$pkg_cv_RE2_CFLAGS + RE2_LIBS=$pkg_cv_RE2_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_RE2=1 +fi + if test "$HAVE_RE2" -ne 1; then : + as_fn_error $? "Could not find libre2" "$LINENO" 5 +fi + +fi + if test "$HAVE_RE2" -eq 1; then + HAVE_RE2_TRUE= + HAVE_RE2_FALSE='#' +else + HAVE_RE2_TRUE='#' + HAVE_RE2_FALSE= +fi + + if test "$HAVE_RE2" -eq 1; then : + +$as_echo "#define HAVE_RE2 1" >>confdefs.h + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable DNSCrypt support" >&5 +$as_echo_n "checking whether to enable DNSCrypt support... " >&6; } + # Check whether --enable-dnscrypt was given. +if test "${enable_dnscrypt+set}" = set; then : + enableval=$enable_dnscrypt; enable_dnscrypt=$enableval +else + enable_dnscrypt=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dnscrypt" >&5 +$as_echo "$enable_dnscrypt" >&6; } + if test "x$enable_dnscrypt" != "xno"; then + DNSCRYPT_TRUE= + DNSCRYPT_FALSE='#' +else + DNSCRYPT_TRUE='#' + DNSCRYPT_FALSE= +fi + + + if test -z "$DNSCRYPT_TRUE"; then : + + if test -z "$LIBSODIUM_TRUE"; then : + + +$as_echo "#define HAVE_DNSCRYPT 1" >>confdefs.h + + +else + + as_fn_error $? "dnscrypt support requested but libsodium is not available" "$LINENO" 5 + +fi + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we have eBPF support" >&5 +$as_echo_n "checking if we have eBPF support... " >&6; } + +# Check whether --with-ebpf was given. +if test "${with_ebpf+set}" = set; then : + withval=$with_ebpf; with_ebpf=$withval +else + with_ebpf=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_ebpf" >&5 +$as_echo "$with_ebpf" >&6; } + + if test "x$with_ebpf" != "xno"; then : + + if test "x$with_ebpf" = "xyes" -o "x$with_ebpf" = "xauto"; then : + + for ac_header in linux/bpf.h +do : + ac_fn_cxx_check_header_mongrel "$LINENO" "linux/bpf.h" "ac_cv_header_linux_bpf_h" "$ac_includes_default" +if test "x$ac_cv_header_linux_bpf_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LINUX_BPF_H 1 +_ACEOF + bpf_headers=yes +else + bpf_headers=no +fi + +done + + +fi + +fi + if test "x$with_ebpf" = "xyes"; then : + + if test x"$bpf_headers" = "no"; then : + + as_fn_error $? "EBPF support requested but required eBPF headers were not found" "$LINENO" 5 + +fi + +fi + if test x"$bpf_headers" = "xyes" ; then + HAVE_EBPF_TRUE= + HAVE_EBPF_FALSE='#' +else + HAVE_EBPF_TRUE='#' + HAVE_EBPF_FALSE= +fi + + if test x"$bpf_headers" = "xyes" ; then : + ac_fn_cxx_check_decl "$LINENO" "BPF_FUNC_tail_call" "ac_cv_have_decl_BPF_FUNC_tail_call" "#include + + +" +if test "x$ac_cv_have_decl_BPF_FUNC_tail_call" = xyes; then : + ac_fn_cxx_check_decl "$LINENO" "SO_ATTACH_BPF" "ac_cv_have_decl_SO_ATTACH_BPF" "#include + + +" +if test "x$ac_cv_have_decl_SO_ATTACH_BPF" = xyes; then : + +$as_echo "#define HAVE_EBPF 1" >>confdefs.h + +else + if test "x$with_ebpf" = "xyes"; then : + + as_fn_error $? "EBPF support requested but SO_ATTACH_BPF not found" "$LINENO" 5 + +fi +fi + +else + if test "x$with_ebpf" = "xyes"; then : + + as_fn_error $? "EBPF support requested but BPF_FUNC_tail_call not found in the eBPF headers" "$LINENO" 5 + +fi +fi + + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking if we need to link in Net SNMP" >&5 +$as_echo_n "checking if we need to link in Net SNMP... " >&6; } + +# Check whether --with-net-snmp was given. +if test "${with_net_snmp+set}" = set; then : + withval=$with_net_snmp; with_net_snmp=$withval +else + with_net_snmp=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_net_snmp" >&5 +$as_echo "$with_net_snmp" >&6; } + + if test "x$with_net_snmp" != "xno"; then : + + if test "x$with_net_snmp" = "xyes" -o "x$with_net_snmp" = "xauto"; then : + + # Extract the first word of "net-snmp-config", so it can be a program name with args. +set dummy net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NET_SNMP_CFLAGS+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NET_SNMP_CFLAGS"; then + ac_cv_prog_NET_SNMP_CFLAGS="$NET_SNMP_CFLAGS" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_NET_SNMP_CFLAGS="`net-snmp-config --cflags`" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NET_SNMP_CFLAGS=$ac_cv_prog_NET_SNMP_CFLAGS +if test -n "$NET_SNMP_CFLAGS"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NET_SNMP_CFLAGS" >&5 +$as_echo "$NET_SNMP_CFLAGS" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + # Extract the first word of "net-snmp-config", so it can be a program name with args. +set dummy net-snmp-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_NET_SNMP_LIBS+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$NET_SNMP_LIBS"; then + ac_cv_prog_NET_SNMP_LIBS="$NET_SNMP_LIBS" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_NET_SNMP_LIBS="`net-snmp-config --netsnmp-agent-libs`" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +NET_SNMP_LIBS=$ac_cv_prog_NET_SNMP_LIBS +if test -n "$NET_SNMP_LIBS"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NET_SNMP_LIBS" >&5 +$as_echo "$NET_SNMP_LIBS" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + ac_fn_cxx_check_decl "$LINENO" "snmp_select_info2" "ac_cv_have_decl_snmp_select_info2" "$ac_includes_default + #include + #include + #include + #include + #include + #include + +" +if test "x$ac_cv_have_decl_snmp_select_info2" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SNMP_SELECT_INFO2 $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define HAVE_SNMP_SELECT_INFO2 1" >>confdefs.h + + +else + : +fi + + +fi + +fi + if test "x$with_net_snmp" = "xyes"; then : + + if test x"$NET_SNMP_LIBS" = "x"; then : + + as_fn_error $? "Net SNMP requested but libraries were not found" "$LINENO" 5 + +fi + +fi + if test x"$NET_SNMP_LIBS" != "x"; then + HAVE_NET_SNMP_TRUE= + HAVE_NET_SNMP_FALSE='#' +else + HAVE_NET_SNMP_TRUE='#' + HAVE_NET_SNMP_FALSE= +fi + + if test x"$NET_SNMP_LIBS" != "x"; then : + +$as_echo "#define HAVE_NET_SNMP 1" >>confdefs.h + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in libcap" >&5 +$as_echo_n "checking whether we will be linking in libcap... " >&6; } + HAVE_LIBCAPS=0 + +# Check whether --with-libcap was given. +if test "${with_libcap+set}" = set; then : + withval=$with_libcap; with_libcap=$withval +else + with_libcap=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_libcap" >&5 +$as_echo "$with_libcap" >&6; } + + if test "x$with_libcap" != "xno"; then : + + if test "x$with_libcap" = "xyes" -o "x$with_libcap" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBCAP" >&5 +$as_echo_n "checking for LIBCAP... " >&6; } + +if test -n "$LIBCAP_CFLAGS"; then + pkg_cv_LIBCAP_CFLAGS="$LIBCAP_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcap \""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcap ") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBCAP_CFLAGS=`$PKG_CONFIG --cflags "libcap " 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBCAP_LIBS"; then + pkg_cv_LIBCAP_LIBS="$LIBCAP_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcap \""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcap ") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBCAP_LIBS=`$PKG_CONFIG --libs "libcap " 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBCAP_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libcap " 2>&1` + else + LIBCAP_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libcap " 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBCAP_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LIBCAP_CFLAGS=$pkg_cv_LIBCAP_CFLAGS + LIBCAP_LIBS=$pkg_cv_LIBCAP_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_LIBCAP=1 + +$as_echo "#define HAVE_LIBCAP 1" >>confdefs.h + + +fi + +fi + +fi + if test "x$LIBCAP_LIBS" != "x"; then + HAVE_LIBCAP_TRUE= + HAVE_LIBCAP_FALSE='#' +else + HAVE_LIBCAP_TRUE='#' + HAVE_LIBCAP_FALSE= +fi + + if test "x$with_libcap" = "xyes"; then : + + if test x"$LIBCAP_LIBS" = "x"; then : + + as_fn_error $? "libcap requested but libraries were not found" "$LINENO" 5 + +fi + +fi + + + + + +# Check whether --enable-systemd was given. +if test "${enable_systemd+set}" = set; then : + enableval=$enable_systemd; +fi + + +if test "x$enable_systemd" = "xno"; then : + + ax_cv_systemd="n" + +elif test "x$enable_systemd" = "xyes"; then : + + ax_cv_systemd="y" + +elif test -z $ax_cv_systemd; then : + + ax_cv_systemd="n" + +fi +systemd=$ax_cv_systemd + + + + +# Check whether --with-systemd was given. +if test "${with_systemd+set}" = set; then : + withval=$with_systemd; SYSTEMD_DIR="$withval" +else + SYSTEMD_DIR="" +fi + + + + +# Check whether --with-systemd was given. +if test "${with_systemd+set}" = set; then : + withval=$with_systemd; SYSTEMD_MODULES_LOAD="$withval" +else + SYSTEMD_MODULES_LOAD="" +fi + + + + + + ac_fn_cxx_check_header_mongrel "$LINENO" "systemd/sd-daemon.h" "ac_cv_header_systemd_sd_daemon_h" "$ac_includes_default" +if test "x$ac_cv_header_systemd_sd_daemon_h" = xyes; then : + + for libname in systemd-daemon systemd; do + as_ac_Lib=`$as_echo "ac_cv_lib_$libname''_sd_listen_fds" | $as_tr_sh` +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for sd_listen_fds in -l$libname" >&5 +$as_echo_n "checking for sd_listen_fds in -l$libname... " >&6; } +if eval \${$as_ac_Lib+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-l$libname $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char sd_listen_fds (); +int +main () +{ +return sd_listen_fds (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + eval "$as_ac_Lib=yes" +else + eval "$as_ac_Lib=no" +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +eval ac_res=\$$as_ac_Lib + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } +if eval test \"x\$"$as_ac_Lib"\" = x"yes"; then : + + libsystemd_daemon="lib$libname" + systemd=y + libsystemd=y + +fi + + done + +fi + + + + + if test "x$enable_systemd" != "xno"; then : + + if test "x$systemd" = "xy" ; then : + + +$as_echo "#define HAVE_SYSTEMD 1" >>confdefs.h + + systemd=y + + + if test "x$libsystemd" = x; then : + + as_fn_error $? "Unable to find a suitable libsystemd library" "$LINENO" 5 + +fi + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SYSTEMD" >&5 +$as_echo_n "checking for SYSTEMD... " >&6; } + +if test -n "$SYSTEMD_CFLAGS"; then + pkg_cv_SYSTEMD_CFLAGS="$SYSTEMD_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$libsystemd_daemon\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$libsystemd_daemon") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_CFLAGS=`$PKG_CONFIG --cflags "$libsystemd_daemon" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SYSTEMD_LIBS"; then + pkg_cv_SYSTEMD_LIBS="$SYSTEMD_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$libsystemd_daemon\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$libsystemd_daemon") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SYSTEMD_LIBS=`$PKG_CONFIG --libs "$libsystemd_daemon" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$libsystemd_daemon" 2>&1` + else + SYSTEMD_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$libsystemd_daemon" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SYSTEMD_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements ($libsystemd_daemon) were not met: + +$SYSTEMD_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables SYSTEMD_CFLAGS +and SYSTEMD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables SYSTEMD_CFLAGS +and SYSTEMD_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + SYSTEMD_CFLAGS=$pkg_cv_SYSTEMD_CFLAGS + SYSTEMD_LIBS=$pkg_cv_SYSTEMD_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + + + + if test "x$SYSTEMD_DIR" = x; then : + + SYSTEMD_DIR="\$(prefix)/lib/systemd/system/" + +fi + + if test "x$SYSTEMD_DIR" = x; then : + + as_fn_error $? "SYSTEMD_DIR is unset" "$LINENO" 5 + +fi + + if test "x$SYSTEMD_MODULES_LOAD" = x; then : + + SYSTEMD_MODULES_LOAD="\$(prefix)/lib/modules-load.d/" + +fi + + if test "x$SYSTEMD_MODULES_LOAD" = x; then : + + as_fn_error $? "SYSTEMD_MODULES_LOAD is unset" "$LINENO" 5 + +fi + + +else + systemd=n +fi + +else + systemd=n +fi + + + + if test x"$systemd" = "xy"; then : + + # Extract the first word of "systemctl", so it can be a program name with args. +set dummy systemctl; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_SYSTEMCTL+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $SYSTEMCTL in + [\\/]* | ?:[\\/]*) + ac_cv_path_SYSTEMCTL="$SYSTEMCTL" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_SYSTEMCTL="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + test -z "$ac_cv_path_SYSTEMCTL" && ac_cv_path_SYSTEMCTL="no" + ;; +esac +fi +SYSTEMCTL=$ac_cv_path_SYSTEMCTL +if test -n "$SYSTEMCTL"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $SYSTEMCTL" >&5 +$as_echo "$SYSTEMCTL" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + if test "$SYSTEMCTL" = "no"; then : + as_fn_error $? "systemctl not found" "$LINENO" 5 +else + + _systemd_version=`${SYSTEMCTL} --version|head -1 |cut -d" " -f 2` + if test $_systemd_version -ge 183; then + systemd_private_tmp=y + fi + if test $_systemd_version -ge 209; then + systemd_system_call_architectures=y + systemd_private_devices=y + fi + if test $_systemd_version -ge 211; then + systemd_restrict_address_families=y + fi + if test $_systemd_version -ge 214; then + systemd_protect_system=y + systemd_protect_home=y + fi + if test $_systemd_version -ge 231; then + systemd_restrict_realtime=y + systemd_memory_deny_write_execute=y + fi + if test $_systemd_version -ge 232; then + systemd_protect_control_groups=y + systemd_protect_kernel_modules=y + systemd_protect_kernel_tunables=y + systemd_remove_ipc=y + systemd_dynamic_user=y + systemd_private_users=y + systemd_protect_system_strict=y + fi + if test $_systemd_version -ge 233; then + systemd_restrict_namespaces=y + fi + if test $_systemd_version -ge 235; then + systemd_lock_personality=y + # while SystemCallFilter is technically available starting with 187, + # we use the pre-defined call filter sets that have been introduced later. + # Initial support for these landed in 231 + # @filesystem @reboot @swap in 233 + # @aio, @sync, @chown, @setuid, @memlock, @signal and @timer in 235 + systemd_system_call_filter=y + fi + if test $_systemd_version -ge 236; then + systemd_percent_t=y + fi + if test $_systemd_version -ge 239; then + systemd_private_mounts=y + fi + if test $_systemd_version -ge 240; then + systemd_with_runtime_dir_env=y + fi + if test $_systemd_version -ge 242; then + systemd_protect_hostname=y + systemd_restrict_suidsgid=y + fi + if test $_systemd_version -ge 244; then + systemd_protect_kernel_logs=y + fi + if test $_systemd_version -ge 245; then + systemd_protect_clock=y + fi + +fi + +fi + if test x"$systemd_dynamic_user" = "xy" ; then + HAVE_SYSTEMD_DYNAMIC_USER_TRUE= + HAVE_SYSTEMD_DYNAMIC_USER_FALSE='#' +else + HAVE_SYSTEMD_DYNAMIC_USER_TRUE='#' + HAVE_SYSTEMD_DYNAMIC_USER_FALSE= +fi + + if test x"$systemd_lock_personality" = "xy" ; then + HAVE_SYSTEMD_LOCK_PERSONALITY_TRUE= + HAVE_SYSTEMD_LOCK_PERSONALITY_FALSE='#' +else + HAVE_SYSTEMD_LOCK_PERSONALITY_TRUE='#' + HAVE_SYSTEMD_LOCK_PERSONALITY_FALSE= +fi + + if test x"$systemd_memory_deny_write_execute" = "xy" ; then + HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_TRUE= + HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_FALSE='#' +else + HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_TRUE='#' + HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_FALSE= +fi + + if test x"$systemd_percent_t" = "xy" ; then + HAVE_SYSTEMD_PERCENT_T_TRUE= + HAVE_SYSTEMD_PERCENT_T_FALSE='#' +else + HAVE_SYSTEMD_PERCENT_T_TRUE='#' + HAVE_SYSTEMD_PERCENT_T_FALSE= +fi + + if test x"$systemd_private_devices" = "xy" ; then + HAVE_SYSTEMD_PRIVATE_DEVICES_TRUE= + HAVE_SYSTEMD_PRIVATE_DEVICES_FALSE='#' +else + HAVE_SYSTEMD_PRIVATE_DEVICES_TRUE='#' + HAVE_SYSTEMD_PRIVATE_DEVICES_FALSE= +fi + + if test x"$systemd_private_mounts" = "xy" ; then + HAVE_SYSTEMD_PRIVATE_MOUNTS_TRUE= + HAVE_SYSTEMD_PRIVATE_MOUNTS_FALSE='#' +else + HAVE_SYSTEMD_PRIVATE_MOUNTS_TRUE='#' + HAVE_SYSTEMD_PRIVATE_MOUNTS_FALSE= +fi + + if test x"$systemd_private_tmp" = "xy" ; then + HAVE_SYSTEMD_PRIVATE_TMP_TRUE= + HAVE_SYSTEMD_PRIVATE_TMP_FALSE='#' +else + HAVE_SYSTEMD_PRIVATE_TMP_TRUE='#' + HAVE_SYSTEMD_PRIVATE_TMP_FALSE= +fi + + if test x"$systemd_private_users" = "xy" ; then + HAVE_SYSTEMD_PRIVATE_USERS_TRUE= + HAVE_SYSTEMD_PRIVATE_USERS_FALSE='#' +else + HAVE_SYSTEMD_PRIVATE_USERS_TRUE='#' + HAVE_SYSTEMD_PRIVATE_USERS_FALSE= +fi + + if test x"$systemd_protect_clock" = "xy" ; then + HAVE_SYSTEMD_PROTECT_CLOCK_TRUE= + HAVE_SYSTEMD_PROTECT_CLOCK_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_CLOCK_TRUE='#' + HAVE_SYSTEMD_PROTECT_CLOCK_FALSE= +fi + + if test x"$systemd_protect_control_groups" = "xy" ; then + HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_TRUE= + HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_TRUE='#' + HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_FALSE= +fi + + if test x"$systemd_protect_home" = "xy" ; then + HAVE_SYSTEMD_PROTECT_HOME_TRUE= + HAVE_SYSTEMD_PROTECT_HOME_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_HOME_TRUE='#' + HAVE_SYSTEMD_PROTECT_HOME_FALSE= +fi + + if test x"$systemd_protect_hostname" = "xy" ; then + HAVE_SYSTEMD_PROTECT_HOSTNAME_TRUE= + HAVE_SYSTEMD_PROTECT_HOSTNAME_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_HOSTNAME_TRUE='#' + HAVE_SYSTEMD_PROTECT_HOSTNAME_FALSE= +fi + + if test x"$systemd_protect_kernel_logs" = "xy" ; then + HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_TRUE= + HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_TRUE='#' + HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_FALSE= +fi + + if test x"$systemd_protect_kernel_modules" = "xy" ; then + HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_TRUE= + HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_TRUE='#' + HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_FALSE= +fi + + if test x"$systemd_protect_kernel_tunables" = "xy" ; then + HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_TRUE= + HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_TRUE='#' + HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_FALSE= +fi + + if test x"$systemd_protect_system" = "xy" ; then + HAVE_SYSTEMD_PROTECT_SYSTEM_TRUE= + HAVE_SYSTEMD_PROTECT_SYSTEM_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_SYSTEM_TRUE='#' + HAVE_SYSTEMD_PROTECT_SYSTEM_FALSE= +fi + + if test x"$systemd_protect_system_strict" = "xy" ; then + HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_TRUE= + HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_FALSE='#' +else + HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_TRUE='#' + HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_FALSE= +fi + + if test x"$systemd_remove_ipc" = "xy" ; then + HAVE_SYSTEMD_REMOVE_IPC_TRUE= + HAVE_SYSTEMD_REMOVE_IPC_FALSE='#' +else + HAVE_SYSTEMD_REMOVE_IPC_TRUE='#' + HAVE_SYSTEMD_REMOVE_IPC_FALSE= +fi + + if test x"$systemd_restrict_address_families" = "xy" ; then + HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_TRUE= + HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_FALSE='#' +else + HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_TRUE='#' + HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_FALSE= +fi + + if test x"$systemd_restrict_namespaces" = "xy" ; then + HAVE_SYSTEMD_RESTRICT_NAMESPACES_TRUE= + HAVE_SYSTEMD_RESTRICT_NAMESPACES_FALSE='#' +else + HAVE_SYSTEMD_RESTRICT_NAMESPACES_TRUE='#' + HAVE_SYSTEMD_RESTRICT_NAMESPACES_FALSE= +fi + + if test x"$systemd_restrict_realtime" = "xy" ; then + HAVE_SYSTEMD_RESTRICT_REALTIME_TRUE= + HAVE_SYSTEMD_RESTRICT_REALTIME_FALSE='#' +else + HAVE_SYSTEMD_RESTRICT_REALTIME_TRUE='#' + HAVE_SYSTEMD_RESTRICT_REALTIME_FALSE= +fi + + if test x"$systemd_restrict_suidsgid" = "xy" ; then + HAVE_SYSTEMD_RESTRICT_SUIDSGID_TRUE= + HAVE_SYSTEMD_RESTRICT_SUIDSGID_FALSE='#' +else + HAVE_SYSTEMD_RESTRICT_SUIDSGID_TRUE='#' + HAVE_SYSTEMD_RESTRICT_SUIDSGID_FALSE= +fi + + if test x"$systemd_system_call_architectures" = "xy" ; then + HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_TRUE= + HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_FALSE='#' +else + HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_TRUE='#' + HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_FALSE= +fi + + if test x"$systemd_system_call_filter" = "xy" ; then + HAVE_SYSTEMD_SYSTEM_CALL_FILTER_TRUE= + HAVE_SYSTEMD_SYSTEM_CALL_FILTER_FALSE='#' +else + HAVE_SYSTEMD_SYSTEM_CALL_FILTER_TRUE='#' + HAVE_SYSTEMD_SYSTEM_CALL_FILTER_FALSE= +fi + + if test x"$systemd_with_runtime_dir_env" = "xy" ; then + HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_TRUE= + HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_FALSE='#' +else + HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_TRUE='#' + HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_FALSE= +fi + + + if test x"$systemd" = "xy" ; then + HAVE_SYSTEMD_TRUE= + HAVE_SYSTEMD_FALSE='#' +else + HAVE_SYSTEMD_TRUE='#' + HAVE_SYSTEMD_FALSE= +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking What user and group will be used by service" >&5 +$as_echo_n "checking What user and group will be used by service... " >&6; } + +# Check whether --with-service-user was given. +if test "${with_service_user+set}" = set; then : + withval=$with_service_user; service_user=$withval + +else + service_user=dnsdist + + +fi + + + +# Check whether --with-service-group was given. +if test "${with_service_group+set}" = set; then : + withval=$with_service_group; service_group=$withval + +else + service_group=dnsdist + + +fi + + + if test -z "$service_user"; then : + as_fn_error $? "No service user has been defined!" "$LINENO" 5 +else + : +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $service_user" >&5 +$as_echo "$service_user" >&6; } + + + + + + for ac_func in $ac_func_list +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + + + + + +YAHTTP_CFLAGS='-I$(top_srcdir)/ext/yahttp' + +YAHTTP_LIBS='$(top_builddir)/ext/yahttp/yahttp/libyahttp.la' + +IPCRYPT_CFLAGS='-I$(top_srcdir)/ext/ipcrypt' + +IPCRYPT_LIBS='$(top_builddir)/ext/ipcrypt/libipcrypt.la' + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for grep that handles long lines and -e" >&5 +$as_echo_n "checking for grep that handles long lines and -e... " >&6; } +if ${ac_cv_path_GREP+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -z "$GREP"; then + ac_path_GREP_found=false + # Loop through the user's path and test for each of PROGNAME-LIST + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH$PATH_SEPARATOR/usr/xpg4/bin +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_prog in grep ggrep; do + for ac_exec_ext in '' $ac_executable_extensions; do + ac_path_GREP="$as_dir/$ac_prog$ac_exec_ext" + as_fn_executable_p "$ac_path_GREP" || continue +# Check for GNU ac_path_GREP and select it if it is found. + # Check for GNU $ac_path_GREP +case `"$ac_path_GREP" --version 2>&1` in +*GNU*) + ac_cv_path_GREP="$ac_path_GREP" ac_path_GREP_found=:;; +*) + ac_count=0 + $as_echo_n 0123456789 >"conftest.in" + while : + do + cat "conftest.in" "conftest.in" >"conftest.tmp" + mv "conftest.tmp" "conftest.in" + cp "conftest.in" "conftest.nl" + $as_echo 'GREP' >> "conftest.nl" + "$ac_path_GREP" -e 'GREP$' -e '-(cannot match)-' < "conftest.nl" >"conftest.out" 2>/dev/null || break + diff "conftest.out" "conftest.nl" >/dev/null 2>&1 || break + as_fn_arith $ac_count + 1 && ac_count=$as_val + if test $ac_count -gt ${ac_path_GREP_max-0}; then + # Best one so far, save it but keep looking for a better one + ac_cv_path_GREP="$ac_path_GREP" + ac_path_GREP_max=$ac_count + fi + # 10*(2^10) chars as input seems more than enough + test $ac_count -gt 10 && break + done + rm -f conftest.in conftest.tmp conftest.nl conftest.out;; +esac + + $ac_path_GREP_found && break 3 + done + done + done +IFS=$as_save_IFS + if test -z "$ac_cv_path_GREP"; then + as_fn_error $? "no acceptable grep could be found in $PATH$PATH_SEPARATOR/usr/xpg4/bin" "$LINENO" 5 + fi +else + ac_cv_path_GREP=$GREP +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_path_GREP" >&5 +$as_echo "$ac_cv_path_GREP" >&6; } + GREP="$ac_cv_path_GREP" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking which Lua implementation to use" >&5 +$as_echo_n "checking which Lua implementation to use... " >&6; } + +# Check whether --with-lua was given. +if test "${with_lua+set}" = set; then : + withval=$with_lua; + with_lua=$withval + +else + + with_lua=auto + +fi + + + if test "x$with_lua" = "xyes"; then : + + with_lua=auto + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_lua" >&5 +$as_echo "$with_lua" >&6; } + + if test "x$with_lua" = "xno" -a "mandatory" = "mandatory"; then : + + as_fn_error $? "--without-lua specified, but Lua is not optional" "$LINENO" 5 + +fi + + LUAPC="" + luajit_min_version='2.0.2' + lua_min_version='5.1' + + if test "x$with_lua" != "xno"; then : + + if test "x$with_lua" != "xauto"; then : + + with_lua_version=${lua_min_version} + if echo "x$with_lua" | ${GREP} 'jit' >/dev/null 2>&1; then : + with_lua_version=${luajit_min_version} +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$with_lua >= \$with_lua_version\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$with_lua >= $with_lua_version") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "$with_lua >= $with_lua_version" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$with_lua >= \$with_lua_version\""; } >&5 + ($PKG_CONFIG --exists --print-errors "$with_lua >= $with_lua_version") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "$with_lua >= $with_lua_version" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$with_lua >= $with_lua_version" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$with_lua >= $with_lua_version" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + + as_fn_error $? "Selected Lua ($with_lua) not found" "$LINENO" 5 + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + as_fn_error $? "Selected Lua ($with_lua) not found" "$LINENO" 5 + +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + LUAPC=$with_lua + +fi + +else + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"luajit >= \${luajit_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "luajit >= ${luajit_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "luajit >= ${luajit_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"luajit >= \${luajit_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "luajit >= ${luajit_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "luajit >= ${luajit_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "luajit >= ${luajit_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "luajit >= ${luajit_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + LUAPC=luajit + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + +fi + if test -z "$LUAPC"; then : + + found_lua=n + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.3 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.3 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua5.3 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.3 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.3 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua5.3 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua5.3 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua5.3 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua5.3 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.3 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.3 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua-5.3 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.3 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.3 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua-5.3 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua-5.3 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua-5.3 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua-5.3 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua53 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua53 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua53 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua53 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua53 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua53 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua53 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua53 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua53 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.2 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.2 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua5.2 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.2 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.2 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua5.2 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua5.2 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua5.2 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua5.2 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.2 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.2 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua-5.2 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.2 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.2 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua-5.2 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua-5.2 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua-5.2 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua-5.2 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua52 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua52 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua52 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua52 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua52 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua52 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua52 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua52 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua52 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.1 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.1 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua5.1 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua5.1 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua5.1 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua5.1 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua5.1 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua5.1 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua5.1 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.1 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.1 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua-5.1 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua-5.1 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua-5.1 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua-5.1 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua-5.1 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua-5.1 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua-5.1 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua51 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua51 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua51 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua51 >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua51 >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua51 >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua51 >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua51 >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua51 + +fi + +fi + + if test "$found_lua" != "y"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 +$as_echo_n "checking for LUA... " >&6; } + +if test -n "$LUA_CFLAGS"; then + pkg_cv_LUA_CFLAGS="$LUA_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_CFLAGS=`$PKG_CONFIG --cflags "lua >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LUA_LIBS"; then + pkg_cv_LUA_LIBS="$LUA_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lua >= \${lua_min_version}\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lua >= ${lua_min_version}") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LUA_LIBS=`$PKG_CONFIG --libs "lua >= ${lua_min_version}" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LUA_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lua >= ${lua_min_version}" 2>&1` + else + LUA_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lua >= ${lua_min_version}" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LUA_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LUA_CFLAGS=$pkg_cv_LUA_CFLAGS + LUA_LIBS=$pkg_cv_LUA_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LUA 1" >>confdefs.h + + found_lua=y + LUAPC=lua + +fi + +fi + + +fi + +fi + +fi + + if test -z "$LUAPC" -a "mandatory" = "mandatory"; then : + + as_fn_error $? "No Lua not found, but is mandatory" "$LINENO" 5 + +fi + + if test -n "x$LUAPC"; then + LUA_TRUE= + LUA_FALSE='#' +else + LUA_TRUE='#' + LUA_FALSE= +fi + + +if test "x$LUAPC" = "xluajit"; then : + + # export all symbols to be able to use the Lua FFI interface + { $as_echo "$as_me:${as_lineno-$LINENO}: Adding -rdynamic to export all symbols for the Lua FFI interface" >&5 +$as_echo "$as_me: Adding -rdynamic to export all symbols for the Lua FFI interface" >&6;} + LDFLAGS="$LDFLAGS -rdynamic" + +fi + + + if test "x$LUAPC" != "x" ; then : + + OLD_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS $LUA_CFLAGS" + ac_fn_cxx_check_header_mongrel "$LINENO" "lua.hpp" "ac_cv_header_lua_hpp" "$ac_includes_default" +if test "x$ac_cv_header_lua_hpp" = xyes; then : + have_lua_hpp=y +fi + + + CPPFLAGS="$OLD_CPPFLAGS" + +fi + if test x"$have_lua_hpp" = "xy" ; then + HAVE_LUA_HPP_TRUE= + HAVE_LUA_HPP_FALSE='#' +else + HAVE_LUA_HPP_TRUE='#' + HAVE_LUA_HPP_FALSE= +fi + + + + if false; then + HAVE_GNUTLS_TRUE= + HAVE_GNUTLS_FALSE='#' +else + HAVE_GNUTLS_TRUE='#' + HAVE_GNUTLS_FALSE= +fi + + if false; then + HAVE_LIBSSL_TRUE= + HAVE_LIBSSL_FALSE='#' +else + HAVE_LIBSSL_TRUE='#' + HAVE_LIBSSL_FALSE= +fi + + if false; then + HAVE_LMDB_TRUE= + HAVE_LMDB_FALSE='#' +else + HAVE_LMDB_TRUE='#' + HAVE_LMDB_FALSE= +fi + + if false; then + HAVE_CDB_TRUE= + HAVE_CDB_FALSE='#' +else + HAVE_CDB_TRUE='#' + HAVE_CDB_FALSE= +fi + + + + found=false + +# Check whether --with-libcrypto was given. +if test "${with_libcrypto+set}" = set; then : + withval=$with_libcrypto; + case "$withval" in + "" | y | ye | yes | n | no) + as_fn_error $? "Invalid --with-libcrypto value" "$LINENO" 5 + ;; + *) ssldirs="$withval" + ;; + esac + +else + + # if pkg-config is installed and openssl has installed a .pc file, + # then use that information and don't search ssldirs + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$PKG_CONFIG"; then + ac_cv_prog_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_PKG_CONFIG="${ac_tool_prefix}pkg-config" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +PKG_CONFIG=$ac_cv_prog_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_prog_PKG_CONFIG"; then + ac_ct_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_ac_ct_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$ac_ct_PKG_CONFIG"; then + ac_cv_prog_ac_ct_PKG_CONFIG="$ac_ct_PKG_CONFIG" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_ac_ct_PKG_CONFIG="pkg-config" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +ac_ct_PKG_CONFIG=$ac_cv_prog_ac_ct_PKG_CONFIG +if test -n "$ac_ct_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_ct_PKG_CONFIG" >&5 +$as_echo "$ac_ct_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_ct_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_ct_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_prog_PKG_CONFIG" +fi + + if test x"$PKG_CONFIG" != x""; then + LIBCRYPTO_LDFLAGS=`$PKG_CONFIG libcrypto --libs-only-L 2>/dev/null` + if test $? = 0; then + LIBCRYPTO_LIBS=`$PKG_CONFIG libcrypto --libs-only-l 2>/dev/null` + LIBCRYPTO_INCLUDES=`$PKG_CONFIG libcrypto --cflags-only-I 2>/dev/null` + ssldir=`$PKG_CONFIG libcrypto --variable=prefix 2>/dev/null` + found=true + fi + fi + + # no such luck; use some default ssldirs + if ! $found; then + ssldirs="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /usr" + fi + + +fi + + + + # note that we #include , so the OpenSSL headers have to be in + # an 'openssl' subdirectory + + if ! $found; then + LIBCRYPTO_INCLUDES= + for ssldir in $ssldirs; do + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openssl/crypto.h in $ssldir" >&5 +$as_echo_n "checking for openssl/crypto.h in $ssldir... " >&6; } + if test -f "$ssldir/include/openssl/crypto.h"; then + LIBCRYPTO_INCLUDES="-I$ssldir/include" + LIBCRYPTO_LDFLAGS="-L$ssldir/lib" + LIBCRYPTO_LIBS="-lcrypto" + found=true + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + break + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + fi + done + + # if the file wasn't found, well, go ahead and try the link anyway -- maybe + # it will just work! + fi + + if $found; then + +$as_echo "#define HAVE_LIBCRYPTO 1" >>confdefs.h + + fi + + # try the preprocessor and linker with our new flags, + # being careful not to pollute the global LIBS, LDFLAGS, and CPPFLAGS + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether compiling and linking against OpenSSL's libcrypto works" >&5 +$as_echo_n "checking whether compiling and linking against OpenSSL's libcrypto works... " >&6; } + echo "Trying link with LIBCRYPTO_LDFLAGS=$LIBCRYPTO_LDFLAGS;" \ + "LIBCRYPTO_LIBS=$LIBCRYPTO_LIBS; LIBCRYPTO_INCLUDES=$LIBCRYPTO_INCLUDES" >&5 + + save_LIBS="$LIBS" + save_LDFLAGS="$LDFLAGS" + save_CPPFLAGS="$CPPFLAGS" + LDFLAGS="$LDFLAGS $LIBCRYPTO_LDFLAGS" + LIBS="$LIBCRYPTO_LIBS $LIBS" + CPPFLAGS="$LIBCRYPTO_INCLUDES $CPPFLAGS" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ +ERR_load_CRYPTO_strings() + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + for ac_func in RAND_bytes RAND_pseudo_bytes CRYPTO_memcmp OPENSSL_init_crypto EVP_MD_CTX_new EVP_MD_CTX_free RSA_get0_key +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + ac_fn_cxx_check_decl "$LINENO" "EVP_PKEY_CTX_set1_scrypt_salt" "ac_cv_have_decl_EVP_PKEY_CTX_set1_scrypt_salt" "#include +" +if test "x$ac_cv_have_decl_EVP_PKEY_CTX_set1_scrypt_salt" = xyes; then : + +$as_echo "#define HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT 1" >>confdefs.h + +fi + + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CPPFLAGS="$save_CPPFLAGS" + LDFLAGS="$save_LDFLAGS" + LIBS="$save_LIBS" + + + + + if test "x$LIBCRYPTO_LIBS" != "x"; then + HAVE_LIBCRYPTO_TRUE= + HAVE_LIBCRYPTO_FALSE='#' +else + HAVE_LIBCRYPTO_TRUE='#' + HAVE_LIBCRYPTO_FALSE= +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable DNS over TLS support" >&5 +$as_echo_n "checking whether to enable DNS over TLS support... " >&6; } + # Check whether --enable-dns-over-tls was given. +if test "${enable_dns_over_tls+set}" = set; then : + enableval=$enable_dns_over_tls; enable_dns_over_tls=$enableval +else + enable_dns_over_tls=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dns_over_tls" >&5 +$as_echo "$enable_dns_over_tls" >&6; } + if test "x$enable_dns_over_tls" != "xno"; then + HAVE_DNS_OVER_TLS_TRUE= + HAVE_DNS_OVER_TLS_FALSE='#' +else + HAVE_DNS_OVER_TLS_TRUE='#' + HAVE_DNS_OVER_TLS_FALSE= +fi + + + if test -z "$HAVE_DNS_OVER_TLS_TRUE"; then : + + +$as_echo "#define HAVE_DNS_OVER_TLS 1" >>confdefs.h + + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable incoming DNS over HTTPS (DoH) support" >&5 +$as_echo_n "checking whether to enable incoming DNS over HTTPS (DoH) support... " >&6; } + # Check whether --enable-dns-over-https was given. +if test "${enable_dns_over_https+set}" = set; then : + enableval=$enable_dns_over_https; enable_dns_over_https=$enableval +else + enable_dns_over_https=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_dns_over_https" >&5 +$as_echo "$enable_dns_over_https" >&6; } + if test "x$enable_dns_over_https" != "xno"; then + HAVE_DNS_OVER_HTTPS_TRUE= + HAVE_DNS_OVER_HTTPS_FALSE='#' +else + HAVE_DNS_OVER_HTTPS_TRUE='#' + HAVE_DNS_OVER_HTTPS_FALSE= +fi + + + if test -z "$HAVE_DNS_OVER_HTTPS_TRUE"; then : + + +$as_echo "#define HAVE_DNS_OVER_HTTPS 1" >>confdefs.h + + +fi + + +if test "x$enable_dns_over_tls" != "xno" -o "x$enable_dns_over_https" != "xno"; then : + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in OpenSSL libssl" >&5 +$as_echo_n "checking whether we will be linking in OpenSSL libssl... " >&6; } + HAVE_LIBSSL=0 + +# Check whether --with-libssl was given. +if test "${with_libssl+set}" = set; then : + withval=$with_libssl; with_libssl=$withval +else + with_libssl=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_libssl" >&5 +$as_echo "$with_libssl" >&6; } + + if test "x$with_libssl" != "xno"; then : + + if test "x$with_libssl" = "xyes" -o "x$with_libssl" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBSSL" >&5 +$as_echo_n "checking for LIBSSL... " >&6; } + +if test -n "$LIBSSL_CFLAGS"; then + pkg_cv_LIBSSL_CFLAGS="$LIBSSL_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSSL_CFLAGS=`$PKG_CONFIG --cflags "libssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBSSL_LIBS"; then + pkg_cv_LIBSSL_LIBS="$LIBSSL_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libssl\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libssl") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBSSL_LIBS=`$PKG_CONFIG --libs "libssl" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBSSL_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libssl" 2>&1` + else + LIBSSL_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libssl" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBSSL_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LIBSSL_CFLAGS=$pkg_cv_LIBSSL_CFLAGS + LIBSSL_LIBS=$pkg_cv_LIBSSL_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_LIBSSL=1 + +$as_echo "#define HAVE_LIBSSL 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$LIBSSL_CFLAGS $CFLAGS" + LIBS="$LIBSSL_LIBS -lcrypto $LIBS" + for ac_func in SSL_CTX_set_ciphersuites OCSP_basic_sign SSL_CTX_set_num_tickets SSL_CTX_set_keylog_callback SSL_CTX_get0_privatekey SSL_CTX_set_min_proto_version SSL_set_hostflags SSL_CTX_set_alpn_protos SSL_CTX_set_next_proto_select_cb SSL_get0_alpn_selected SSL_get0_next_proto_negotiated SSL_CTX_set_alpn_select_cb +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + + +fi + +fi + +fi + if test "x$LIBSSL_LIBS" != "x"; then + HAVE_LIBSSL_TRUE= + HAVE_LIBSSL_FALSE='#' +else + HAVE_LIBSSL_TRUE='#' + HAVE_LIBSSL_FALSE= +fi + + if test "x$with_libssl" = "xyes"; then : + + if test x"$LIBSSL_LIBS" = "x"; then : + + as_fn_error $? "OpenSSL libssl requested but libraries were not found" "$LINENO" 5 + +fi + +fi + + +fi + +if test "x$enable_dns_over_tls" != "xno"; then : + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in GnuTLS" >&5 +$as_echo_n "checking whether we will be linking in GnuTLS... " >&6; } + HAVE_GNUTLS=0 + +# Check whether --with-gnutls was given. +if test "${with_gnutls+set}" = set; then : + withval=$with_gnutls; with_gnutls=$withval +else + with_gnutls=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_gnutls" >&5 +$as_echo "$with_gnutls" >&6; } + + if test "x$with_gnutls" != "xno"; then : + + if test "x$with_gnutls" = "xyes" -o "x$with_gnutls" = "xauto"; then : + + # we require gnutls_certificate_set_x509_key_file, added in 3.1.11 + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for GNUTLS" >&5 +$as_echo_n "checking for GNUTLS... " >&6; } + +if test -n "$GNUTLS_CFLAGS"; then + pkg_cv_GNUTLS_CFLAGS="$GNUTLS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= 3.1.11\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gnutls >= 3.1.11") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GNUTLS_CFLAGS=`$PKG_CONFIG --cflags "gnutls >= 3.1.11" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$GNUTLS_LIBS"; then + pkg_cv_GNUTLS_LIBS="$GNUTLS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"gnutls >= 3.1.11\""; } >&5 + ($PKG_CONFIG --exists --print-errors "gnutls >= 3.1.11") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_GNUTLS_LIBS=`$PKG_CONFIG --libs "gnutls >= 3.1.11" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + GNUTLS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "gnutls >= 3.1.11" 2>&1` + else + GNUTLS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "gnutls >= 3.1.11" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$GNUTLS_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + GNUTLS_CFLAGS=$pkg_cv_GNUTLS_CFLAGS + GNUTLS_LIBS=$pkg_cv_GNUTLS_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_GNUTLS=1 + +$as_echo "#define HAVE_GNUTLS 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$GNUTLS_CFLAGS $CFLAGS" + LIBS="$GNUTLS_LIBS $LIBS" + for ac_func in gnutls_memset gnutls_session_set_verify_cert gnutls_session_get_verify_cert_status gnutls_alpn_set_protocols +do : + as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` +ac_fn_cxx_check_func "$LINENO" "$ac_func" "$as_ac_var" +if eval test \"x\$"$as_ac_var"\" = x"yes"; then : + cat >>confdefs.h <<_ACEOF +#define `$as_echo "HAVE_$ac_func" | $as_tr_cpp` 1 +_ACEOF + +fi +done + + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + + +fi + +fi + +fi + if test "x$GNUTLS_LIBS" != "x"; then + HAVE_GNUTLS_TRUE= + HAVE_GNUTLS_FALSE='#' +else + HAVE_GNUTLS_TRUE='#' + HAVE_GNUTLS_FALSE= +fi + + if test "x$with_gnutls" = "xyes"; then : + + if test x"$GNUTLS_LIBS" = "x"; then : + + as_fn_error $? "GnuTLS requested but libraries were not found" "$LINENO" 5 + +fi + +fi + + + if test "x$HAVE_GNUTLS" != "x1" -a "x$HAVE_LIBSSL" != "x1"; then : + + as_fn_error $? "DNS over TLS support requested but neither GnuTLS nor OpenSSL are available" "$LINENO" 5 + +fi + +fi + + + HAVE_LIBH2OEVLOOP=0 + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LIBH2OEVLOOP" >&5 +$as_echo_n "checking for LIBH2OEVLOOP... " >&6; } + +if test -n "$LIBH2OEVLOOP_CFLAGS"; then + pkg_cv_LIBH2OEVLOOP_CFLAGS="$LIBH2OEVLOOP_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libh2o-evloop\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libh2o-evloop") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBH2OEVLOOP_CFLAGS=`$PKG_CONFIG --cflags "libh2o-evloop" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LIBH2OEVLOOP_LIBS"; then + pkg_cv_LIBH2OEVLOOP_LIBS="$LIBH2OEVLOOP_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libh2o-evloop\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libh2o-evloop") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LIBH2OEVLOOP_LIBS=`$PKG_CONFIG --libs "libh2o-evloop" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LIBH2OEVLOOP_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libh2o-evloop" 2>&1` + else + LIBH2OEVLOOP_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libh2o-evloop" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LIBH2OEVLOOP_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + LIBH2OEVLOOP_CFLAGS=$pkg_cv_LIBH2OEVLOOP_CFLAGS + LIBH2OEVLOOP_LIBS=$pkg_cv_LIBH2OEVLOOP_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_LIBH2OEVLOOP=1 + +$as_echo "#define HAVE_LIBH2OEVLOOP 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$LIBH2OEVLOOP_CFLAGS $CFLAGS" + LIBS="$LIBH2OEVLOOP_LIBS $LIBS" + ac_fn_cxx_check_decl "$LINENO" "h2o_socket_get_ssl_server_name" "ac_cv_have_decl_h2o_socket_get_ssl_server_name" "$ac_includes_default + #include + +" +if test "x$ac_cv_have_decl_h2o_socket_get_ssl_server_name" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_H2O_SOCKET_GET_SSL_SERVER_NAME $ac_have_decl +_ACEOF +if test $ac_have_decl = 1; then : + + +$as_echo "#define HAVE_H2O_SOCKET_GET_SSL_SERVER_NAME 1" >>confdefs.h + + +else + : +fi + + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + +fi + if test "x$LIBH2OEVLOOP_LIBS" != "x"; then + HAVE_LIBH2OEVLOOP_TRUE= + HAVE_LIBH2OEVLOOP_FALSE='#' +else + HAVE_LIBH2OEVLOOP_TRUE='#' + HAVE_LIBH2OEVLOOP_FALSE= +fi + + +if test "x$enable_dns_over_https" != "xno"; then : + + if test "x$HAVE_LIBH2OEVLOOP" != "x1"; then : + + as_fn_error $? "DNS over HTTPS support requested but libh2o-evloop was not found" "$LINENO" 5 + +fi + + if test "x$HAVE_LIBSSL" != "x1"; then : + + as_fn_error $? "DNS over HTTPS support requested but OpenSSL was not found" "$LINENO" 5 + +fi + +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will be linking in nghttp2" >&5 +$as_echo_n "checking whether we will be linking in nghttp2... " >&6; } + HAVE_NGHTTP2=0 + +# Check whether --with-nghttp2 was given. +if test "${with_nghttp2+set}" = set; then : + withval=$with_nghttp2; with_nghttp2=$withval +else + with_nghttp2=auto +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_nghttp2" >&5 +$as_echo "$with_nghttp2" >&6; } + + if test "x$with_nghttp2" != "xno"; then : + + if test "x$with_nghttp2" = "xyes" -o "x$with_nghttp2" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NGHTTP2" >&5 +$as_echo_n "checking for NGHTTP2... " >&6; } + +if test -n "$NGHTTP2_CFLAGS"; then + pkg_cv_NGHTTP2_CFLAGS="$NGHTTP2_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnghttp2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnghttp2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NGHTTP2_CFLAGS=`$PKG_CONFIG --cflags "libnghttp2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$NGHTTP2_LIBS"; then + pkg_cv_NGHTTP2_LIBS="$NGHTTP2_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnghttp2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnghttp2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NGHTTP2_LIBS=`$PKG_CONFIG --libs "libnghttp2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + NGHTTP2_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnghttp2" 2>&1` + else + NGHTTP2_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnghttp2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$NGHTTP2_PKG_ERRORS" >&5 + + : +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : +else + NGHTTP2_CFLAGS=$pkg_cv_NGHTTP2_CFLAGS + NGHTTP2_LIBS=$pkg_cv_NGHTTP2_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + HAVE_NGHTTP2=1 + +$as_echo "#define HAVE_NGHTTP2 1" >>confdefs.h + + save_CFLAGS=$CFLAGS + save_LIBS=$LIBS + CFLAGS="$NGHTTP2_CFLAGS $CFLAGS" + LIBS="$NGHTTP2_LIBS $LIBS" + CFLAGS=$save_CFLAGS + LIBS=$save_LIBS + + +fi + +fi + +fi + if test "x$NGHTTP2_LIBS" != "x"; then + HAVE_NGHTTP2_TRUE= + HAVE_NGHTTP2_FALSE='#' +else + HAVE_NGHTTP2_TRUE='#' + HAVE_NGHTTP2_FALSE= +fi + + if test "x$with_nghttp2" = "xyes"; then : + + if test x"$NGHTTP2_LIBS" = "x"; then : + + as_fn_error $? "nghttp2 requested but libraries were not found" "$LINENO" 5 + +fi + +fi + + + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CDB" >&5 +$as_echo_n "checking for CDB... " >&6; } + +if test -n "$CDB_CFLAGS"; then + pkg_cv_CDB_CFLAGS="$CDB_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcdb\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcdb") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CDB_CFLAGS=`$PKG_CONFIG --cflags "libcdb" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$CDB_LIBS"; then + pkg_cv_CDB_LIBS="$CDB_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcdb\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcdb") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CDB_LIBS=`$PKG_CONFIG --libs "libcdb" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + CDB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libcdb" 2>&1` + else + CDB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libcdb" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$CDB_PKG_ERRORS" >&5 + + for ac_header in cdb.h +do : + ac_fn_cxx_check_header_mongrel "$LINENO" "cdb.h" "ac_cv_header_cdb_h" "$ac_includes_default" +if test "x$ac_cv_header_cdb_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CDB_H 1 +_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cdb_find in -lcdb" >&5 +$as_echo_n "checking for cdb_find in -lcdb... " >&6; } +if ${ac_cv_lib_cdb_cdb_find+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcdb $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cdb_find (); +int +main () +{ +return cdb_find (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_lib_cdb_cdb_find=yes +else + ac_cv_lib_cdb_cdb_find=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cdb_cdb_find" >&5 +$as_echo "$ac_cv_lib_cdb_cdb_find" >&6; } +if test "x$ac_cv_lib_cdb_cdb_find" = xyes; then : + + CDB_LIBS="-lcdb" + +$as_echo "#define HAVE_CDB 1" >>confdefs.h + + HAVE_CDB=1 + +else + : + +fi + +else + : + +fi + +done + + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + for ac_header in cdb.h +do : + ac_fn_cxx_check_header_mongrel "$LINENO" "cdb.h" "ac_cv_header_cdb_h" "$ac_includes_default" +if test "x$ac_cv_header_cdb_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_CDB_H 1 +_ACEOF + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cdb_find in -lcdb" >&5 +$as_echo_n "checking for cdb_find in -lcdb... " >&6; } +if ${ac_cv_lib_cdb_cdb_find+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcdb $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cdb_find (); +int +main () +{ +return cdb_find (); + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_lib_cdb_cdb_find=yes +else + ac_cv_lib_cdb_cdb_find=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cdb_cdb_find" >&5 +$as_echo "$ac_cv_lib_cdb_cdb_find" >&6; } +if test "x$ac_cv_lib_cdb_cdb_find" = xyes; then : + + CDB_LIBS="-lcdb" + +$as_echo "#define HAVE_CDB 1" >>confdefs.h + + HAVE_CDB=1 + +else + : + +fi + +else + : + +fi + +done + + +else + CDB_CFLAGS=$pkg_cv_CDB_CFLAGS + CDB_LIBS=$pkg_cv_CDB_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_CDB 1" >>confdefs.h + + HAVE_CDB=1 + +fi + + + if test "x$CDB_LIBS" != "x"; then + HAVE_CDB_TRUE= + HAVE_CDB_FALSE='#' +else + HAVE_CDB_TRUE='#' + HAVE_CDB_FALSE= +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking where to find the lmdb library and headers" >&5 +$as_echo_n "checking where to find the lmdb library and headers... " >&6; } + +# Check whether --with-lmdb was given. +if test "${with_lmdb+set}" = set; then : + withval=$with_lmdb; + with_lmdb=$withval + +else + + with_lmdb=auto + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_lmdb" >&5 +$as_echo "$with_lmdb" >&6; } + + if test "$with_lmdb" != "no"; then : + + if test "x$with_lmdb" = "xyes" -o "x$with_lmdb" = "xauto"; then : + + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for LMDB" >&5 +$as_echo_n "checking for LMDB... " >&6; } + +if test -n "$LMDB_CFLAGS"; then + pkg_cv_LMDB_CFLAGS="$LMDB_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lmdb\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lmdb") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LMDB_CFLAGS=`$PKG_CONFIG --cflags "lmdb" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$LMDB_LIBS"; then + pkg_cv_LMDB_LIBS="$LMDB_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"lmdb\""; } >&5 + ($PKG_CONFIG --exists --print-errors "lmdb") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_LMDB_LIBS=`$PKG_CONFIG --libs "lmdb" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + LMDB_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "lmdb" 2>&1` + else + LMDB_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "lmdb" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$LMDB_PKG_ERRORS" >&5 + + : + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + : + +else + LMDB_CFLAGS=$pkg_cv_LMDB_CFLAGS + LMDB_LIBS=$pkg_cv_LMDB_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + + +$as_echo "#define HAVE_LMDB 1" >>confdefs.h + + HAVE_LMDB=1 + +fi + +else + + save_CPPFLAGS=$CPPFLAGS + save_LIBS=$LIBS + if test -d "$with_lmdb/include"; then : + + LMDB_CFLAGS="-I$with_lmdb/include" + LMDB_LIBS="-L$with_lmdb/lib" + +else + + LMDB_CFLAGS="-I$with_lmdb" + LMDB_LIBS="-L$with_lmdb" + +fi + CPPFLAGS="$LMDB_CFLAGS" + LIBS="$LMDB_LIBS" + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing mdb_env_open" >&5 +$as_echo_n "checking for library containing mdb_env_open... " >&6; } +if ${ac_cv_search_mdb_env_open+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char mdb_env_open (); +int +main () +{ +return mdb_env_open (); + ; + return 0; +} +_ACEOF +for ac_lib in '' lmdb; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib $ac_func_search_save_LIBS" + fi + if ac_fn_cxx_try_link "$LINENO"; then : + ac_cv_search_mdb_env_open=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_mdb_env_open+:} false; then : + break +fi +done +if ${ac_cv_search_mdb_env_open+:} false; then : + +else + ac_cv_search_mdb_env_open=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_mdb_env_open" >&5 +$as_echo "$ac_cv_search_mdb_env_open" >&6; } +ac_res=$ac_cv_search_mdb_env_open +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + + for ac_header in lmdb.h +do : + ac_fn_cxx_check_header_mongrel "$LINENO" "lmdb.h" "ac_cv_header_lmdb_h" "$ac_includes_default" +if test "x$ac_cv_header_lmdb_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LMDB_H 1 +_ACEOF + + LMDB_LIBS="$LMDB_LIBS $ac_cv_search_mdb_env_open" + +$as_echo "#define HAVE_LMDB 1" >>confdefs.h + + HAVE_LMDB=1 + +else + + as_fn_error $? "lmdb headers not found in $with_lmdb" "$LINENO" 5 + +fi + +done + + CPPFLAGS="$save_CPPFLAGS" + LIBS="$save_LIBS" + + + +fi + + +fi + +fi + if test "x$LMDB_LIBS" != "x"; then + HAVE_LMDB_TRUE= + HAVE_LMDB_FALSE='#' +else + HAVE_LMDB_TRUE='#' + HAVE_LMDB_FALSE= +fi + + + + ax_cxx_compile_alternatives="17 1z" ax_cxx_compile_cxx17_required=true + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + ac_success=no + + + + if test x$ac_success = xno; then + for alternative in ${ax_cxx_compile_alternatives}; do + for switch in -std=c++${alternative} +std=c++${alternative} "-h std=c++${alternative}"; do + cachevar=`$as_echo "ax_cv_cxx_compile_cxx17_$switch" | $as_tr_sh` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CXX supports C++17 features with $switch" >&5 +$as_echo_n "checking whether $CXX supports C++17 features with $switch... " >&6; } +if eval \${$cachevar+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_save_CXX="$CXX" + CXX="$CXX $switch" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +// If the compiler admits that it is not ready for C++11, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201103L + +#error "This is not a C++11 compiler" + +#else + +namespace cxx11 +{ + + namespace test_static_assert + { + + template + struct check + { + static_assert(sizeof(int) <= sizeof(T), "not big enough"); + }; + + } + + namespace test_final_override + { + + struct Base + { + virtual ~Base() {} + virtual void f() {} + }; + + struct Derived : public Base + { + virtual ~Derived() override {} + virtual void f() override {} + }; + + } + + namespace test_double_right_angle_brackets + { + + template < typename T > + struct check {}; + + typedef check single_type; + typedef check> double_type; + typedef check>> triple_type; + typedef check>>> quadruple_type; + + } + + namespace test_decltype + { + + int + f() + { + int a = 1; + decltype(a) b = 2; + return a + b; + } + + } + + namespace test_type_deduction + { + + template < typename T1, typename T2 > + struct is_same + { + static const bool value = false; + }; + + template < typename T > + struct is_same + { + static const bool value = true; + }; + + template < typename T1, typename T2 > + auto + add(T1 a1, T2 a2) -> decltype(a1 + a2) + { + return a1 + a2; + } + + int + test(const int c, volatile int v) + { + static_assert(is_same::value == true, ""); + static_assert(is_same::value == false, ""); + static_assert(is_same::value == false, ""); + auto ac = c; + auto av = v; + auto sumi = ac + av + 'x'; + auto sumf = ac + av + 1.0; + static_assert(is_same::value == true, ""); + static_assert(is_same::value == true, ""); + static_assert(is_same::value == true, ""); + static_assert(is_same::value == false, ""); + static_assert(is_same::value == true, ""); + return (sumf > 0.0) ? sumi : add(c, v); + } + + } + + namespace test_noexcept + { + + int f() { return 0; } + int g() noexcept { return 0; } + + static_assert(noexcept(f()) == false, ""); + static_assert(noexcept(g()) == true, ""); + + } + + namespace test_constexpr + { + + template < typename CharT > + unsigned long constexpr + strlen_c_r(const CharT *const s, const unsigned long acc) noexcept + { + return *s ? strlen_c_r(s + 1, acc + 1) : acc; + } + + template < typename CharT > + unsigned long constexpr + strlen_c(const CharT *const s) noexcept + { + return strlen_c_r(s, 0UL); + } + + static_assert(strlen_c("") == 0UL, ""); + static_assert(strlen_c("1") == 1UL, ""); + static_assert(strlen_c("example") == 7UL, ""); + static_assert(strlen_c("another\0example") == 7UL, ""); + + } + + namespace test_rvalue_references + { + + template < int N > + struct answer + { + static constexpr int value = N; + }; + + answer<1> f(int&) { return answer<1>(); } + answer<2> f(const int&) { return answer<2>(); } + answer<3> f(int&&) { return answer<3>(); } + + void + test() + { + int i = 0; + const int c = 0; + static_assert(decltype(f(i))::value == 1, ""); + static_assert(decltype(f(c))::value == 2, ""); + static_assert(decltype(f(0))::value == 3, ""); + } + + } + + namespace test_uniform_initialization + { + + struct test + { + static const int zero {}; + static const int one {1}; + }; + + static_assert(test::zero == 0, ""); + static_assert(test::one == 1, ""); + + } + + namespace test_lambdas + { + + void + test1() + { + auto lambda1 = [](){}; + auto lambda2 = lambda1; + lambda1(); + lambda2(); + } + + int + test2() + { + auto a = [](int i, int j){ return i + j; }(1, 2); + auto b = []() -> int { return '0'; }(); + auto c = [=](){ return a + b; }(); + auto d = [&](){ return c; }(); + auto e = [a, &b](int x) mutable { + const auto identity = [](int y){ return y; }; + for (auto i = 0; i < a; ++i) + a += b--; + return x + identity(a + b); + }(0); + return a + b + c + d + e; + } + + int + test3() + { + const auto nullary = [](){ return 0; }; + const auto unary = [](int x){ return x; }; + using nullary_t = decltype(nullary); + using unary_t = decltype(unary); + const auto higher1st = [](nullary_t f){ return f(); }; + const auto higher2nd = [unary](nullary_t f1){ + return [unary, f1](unary_t f2){ return f2(unary(f1())); }; + }; + return higher1st(nullary) + higher2nd(nullary)(unary); + } + + } + + namespace test_variadic_templates + { + + template + struct sum; + + template + struct sum + { + static constexpr auto value = N0 + sum::value; + }; + + template <> + struct sum<> + { + static constexpr auto value = 0; + }; + + static_assert(sum<>::value == 0, ""); + static_assert(sum<1>::value == 1, ""); + static_assert(sum<23>::value == 23, ""); + static_assert(sum<1, 2>::value == 3, ""); + static_assert(sum<5, 5, 11>::value == 21, ""); + static_assert(sum<2, 3, 5, 7, 11, 13>::value == 41, ""); + + } + + // http://stackoverflow.com/questions/13728184/template-aliases-and-sfinae + // Clang 3.1 fails with headers of libstd++ 4.8.3 when using std::function + // because of this. + namespace test_template_alias_sfinae + { + + struct foo {}; + + template + using member = typename T::member_type; + + template + void func(...) {} + + template + void func(member*) {} + + void test(); + + void test() { func(0); } + + } + +} // namespace cxx11 + +#endif // __cplusplus >= 201103L + + + + +// If the compiler admits that it is not ready for C++14, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201402L + +#error "This is not a C++14 compiler" + +#else + +namespace cxx14 +{ + + namespace test_polymorphic_lambdas + { + + int + test() + { + const auto lambda = [](auto&&... args){ + const auto istiny = [](auto x){ + return (sizeof(x) == 1UL) ? 1 : 0; + }; + const int aretiny[] = { istiny(args)... }; + return aretiny[0]; + }; + return lambda(1, 1L, 1.0f, '1'); + } + + } + + namespace test_binary_literals + { + + constexpr auto ivii = 0b0000000000101010; + static_assert(ivii == 42, "wrong value"); + + } + + namespace test_generalized_constexpr + { + + template < typename CharT > + constexpr unsigned long + strlen_c(const CharT *const s) noexcept + { + auto length = 0UL; + for (auto p = s; *p; ++p) + ++length; + return length; + } + + static_assert(strlen_c("") == 0UL, ""); + static_assert(strlen_c("x") == 1UL, ""); + static_assert(strlen_c("test") == 4UL, ""); + static_assert(strlen_c("another\0test") == 7UL, ""); + + } + + namespace test_lambda_init_capture + { + + int + test() + { + auto x = 0; + const auto lambda1 = [a = x](int b){ return a + b; }; + const auto lambda2 = [a = lambda1(x)](){ return a; }; + return lambda2(); + } + + } + + namespace test_digit_separators + { + + constexpr auto ten_million = 100'000'000; + static_assert(ten_million == 100000000, ""); + + } + + namespace test_return_type_deduction + { + + auto f(int& x) { return x; } + decltype(auto) g(int& x) { return x; } + + template < typename T1, typename T2 > + struct is_same + { + static constexpr auto value = false; + }; + + template < typename T > + struct is_same + { + static constexpr auto value = true; + }; + + int + test() + { + auto x = 0; + static_assert(is_same::value, ""); + static_assert(is_same::value, ""); + return x; + } + + } + +} // namespace cxx14 + +#endif // __cplusplus >= 201402L + + + + +// If the compiler admits that it is not ready for C++17, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201703L + +#error "This is not a C++17 compiler" + +#else + +#include +#include +#include + +namespace cxx17 +{ + + namespace test_constexpr_lambdas + { + + constexpr int foo = [](){return 42;}(); + + } + + namespace test::nested_namespace::definitions + { + + } + + namespace test_fold_expression + { + + template + int multiply(Args... args) + { + return (args * ... * 1); + } + + template + bool all(Args... args) + { + return (args && ...); + } + + } + + namespace test_extended_static_assert + { + + static_assert (true); + + } + + namespace test_auto_brace_init_list + { + + auto foo = {5}; + auto bar {5}; + + static_assert(std::is_same, decltype(foo)>::value); + static_assert(std::is_same::value); + } + + namespace test_typename_in_template_template_parameter + { + + template typename X> struct D; + + } + + namespace test_fallthrough_nodiscard_maybe_unused_attributes + { + + int f1() + { + return 42; + } + + [[nodiscard]] int f2() + { + [[maybe_unused]] auto unused = f1(); + + switch (f1()) + { + case 17: + f1(); + [[fallthrough]]; + case 42: + f1(); + } + return f1(); + } + + } + + namespace test_extended_aggregate_initialization + { + + struct base1 + { + int b1, b2 = 42; + }; + + struct base2 + { + base2() { + b3 = 42; + } + int b3; + }; + + struct derived : base1, base2 + { + int d; + }; + + derived d1 {{1, 2}, {}, 4}; // full initialization + derived d2 {{}, {}, 4}; // value-initialized bases + + } + + namespace test_general_range_based_for_loop + { + + struct iter + { + int i; + + int& operator* () + { + return i; + } + + const int& operator* () const + { + return i; + } + + iter& operator++() + { + ++i; + return *this; + } + }; + + struct sentinel + { + int i; + }; + + bool operator== (const iter& i, const sentinel& s) + { + return i.i == s.i; + } + + bool operator!= (const iter& i, const sentinel& s) + { + return !(i == s); + } + + struct range + { + iter begin() const + { + return {0}; + } + + sentinel end() const + { + return {5}; + } + }; + + void f() + { + range r {}; + + for (auto i : r) + { + [[maybe_unused]] auto v = i; + } + } + + } + + namespace test_lambda_capture_asterisk_this_by_value + { + + struct t + { + int i; + int foo() + { + return [*this]() + { + return i; + }(); + } + }; + + } + + namespace test_enum_class_construction + { + + enum class byte : unsigned char + {}; + + byte foo {42}; + + } + + namespace test_constexpr_if + { + + template + int f () + { + if constexpr(cond) + { + return 13; + } + else + { + return 42; + } + } + + } + + namespace test_selection_statement_with_initializer + { + + int f() + { + return 13; + } + + int f2() + { + if (auto i = f(); i > 0) + { + return 3; + } + + switch (auto i = f(); i + 4) + { + case 17: + return 2; + + default: + return 1; + } + } + + } + + namespace test_template_argument_deduction_for_class_templates + { + + template + struct pair + { + pair (T1 p1, T2 p2) + : m1 {p1}, + m2 {p2} + {} + + T1 m1; + T2 m2; + }; + + void f() + { + [[maybe_unused]] auto p = pair{13, 42u}; + } + + } + + namespace test_non_type_auto_template_parameters + { + + template + struct B + {}; + + B<5> b1; + B<'a'> b2; + + } + + namespace test_structured_bindings + { + + int arr[2] = { 1, 2 }; + std::pair pr = { 1, 2 }; + + auto f1() -> int(&)[2] + { + return arr; + } + + auto f2() -> std::pair& + { + return pr; + } + + struct S + { + int x1 : 2; + volatile double y1; + }; + + S f3() + { + return {}; + } + + auto [ x1, y1 ] = f1(); + auto& [ xr1, yr1 ] = f1(); + auto [ x2, y2 ] = f2(); + auto& [ xr2, yr2 ] = f2(); + const auto [ x3, y3 ] = f3(); + + } + + namespace test_exception_spec_type_system + { + + struct Good {}; + struct Bad {}; + + void g1() noexcept; + void g2(); + + template + Bad + f(T*, T*); + + template + Good + f(T1*, T2*); + + static_assert (std::is_same_v); + + } + + namespace test_inline_variables + { + + template void f(T) + {} + + template inline T g(T) + { + return T{}; + } + + template<> inline void f<>(int) + {} + + template<> int g<>(int) + { + return 5; + } + + } + +} // namespace cxx17 + +#endif // __cplusplus < 201703L + + + +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + eval $cachevar=yes +else + eval $cachevar=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CXX="$ac_save_CXX" +fi +eval ac_res=\$$cachevar + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + if eval test x\$$cachevar = xyes; then + CXX="$CXX $switch" + if test -n "$CXXCPP" ; then + CXXCPP="$CXXCPP $switch" + fi + ac_success=yes + break + fi + done + if test x$ac_success = xyes; then + break + fi + done + fi + ac_ext=cpp +ac_cpp='$CXXCPP $CPPFLAGS' +ac_compile='$CXX -c $CXXFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CXX -o conftest$ac_exeext $CXXFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_cxx_compiler_gnu + + if test x$ax_cxx_compile_cxx17_required = xtrue; then + if test x$ac_success = xno; then + as_fn_error $? "*** A compiler with support for C++17 language features is required." "$LINENO" 5 + fi + fi + if test x$ac_success = xno; then + HAVE_CXX17=0 + { $as_echo "$as_me:${as_lineno-$LINENO}: No compiler with C++17 support was found" >&5 +$as_echo "$as_me: No compiler with C++17 support was found" >&6;} + else + HAVE_CXX17=1 + +$as_echo "#define HAVE_CXX17 1" >>confdefs.h + + fi + + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether we will enable compiler security checks" >&5 +$as_echo_n "checking whether we will enable compiler security checks... " >&6; } +# Check whether --enable-hardening was given. +if test "${enable_hardening+set}" = set; then : + enableval=$enable_hardening; enable_hardening=$enableval +else + enable_hardening=yes + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_hardening" >&5 +$as_echo "$enable_hardening" >&6; } + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -Werror -Wunknown-warning-option" >&5 +$as_echo_n "checking whether C++ compiler handles -Werror -Wunknown-warning-option... " >&6; } +if ${gl_cv_warn_cxx__Werror__Wunknown_warning_option+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -Werror -Wunknown-warning-option" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__Werror__Wunknown_warning_option=yes +else + gl_cv_warn_cxx__Werror__Wunknown_warning_option=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__Werror__Wunknown_warning_option" >&5 +$as_echo "$gl_cv_warn_cxx__Werror__Wunknown_warning_option" >&6; } +if test "x$gl_cv_warn_cxx__Werror__Wunknown_warning_option" = xyes; then : + gl_unknown_warnings_are_errors='-Wunknown-warning-option -Werror' +else + gl_unknown_warnings_are_errors= +fi + +if test "x$enable_hardening" != "xno"; then : + + + + PIE_CFLAGS= + PIE_LDFLAGS= + OLD_CXXFLAGS=$CXXFLAGS + case "$host" in + *-*-mingw* | *-*-msvc* | *-*-cygwin* ) + ;; *) + CXXFLAGS="-fPIE -DPIE" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -pie" >&5 +$as_echo_n "checking whether C++ compiler handles -pie... " >&6; } +if ${gl_cv_warn_cxx__pie+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +__thread unsigned int t_id; + +int +main () +{ +t_id = 1; + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__pie=yes +else + gl_cv_warn_cxx__pie=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__pie" >&5 +$as_echo "$gl_cv_warn_cxx__pie" >&6; } +if test "x$gl_cv_warn_cxx__pie" = xyes; then : + + PIE_CFLAGS="-fPIE -DPIE" + PIE_LDFLAGS="-pie" + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -Wl,-pie" >&5 +$as_echo_n "checking whether C++ compiler handles -Wl,-pie... " >&6; } +if ${gl_cv_warn_cxx__Wl__pie+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -Wl,-pie" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include +__thread unsigned int t_id; + +int +main () +{ +t_id = 1; + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__Wl__pie=yes +else + gl_cv_warn_cxx__Wl__pie=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__Wl__pie" >&5 +$as_echo "$gl_cv_warn_cxx__Wl__pie" >&6; } +if test "x$gl_cv_warn_cxx__Wl__pie" = xyes; then : + + PIE_CFLAGS="-fPIE -DPIE" + PIE_LDFLAGS="-Wl,-pie" + +fi + + +fi + + esac + CXXFLAGS=$OLD_CXXFLAGS + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fstack-protector" >&5 +$as_echo_n "checking whether C++ compiler handles -fstack-protector... " >&6; } +if ${gl_cv_warn_cxx__fstack_protector+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fstack-protector" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fstack_protector=yes +else + gl_cv_warn_cxx__fstack_protector=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fstack_protector" >&5 +$as_echo "$gl_cv_warn_cxx__fstack_protector" >&6; } +if test "x$gl_cv_warn_cxx__fstack_protector" = xyes; then : + + CFLAGS="-fstack-protector $CFLAGS" + CXXFLAGS="-fstack-protector $CXXFLAGS" + +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles --param ssp-buffer-size=4" >&5 +$as_echo_n "checking whether C++ compiler handles --param ssp-buffer-size=4... " >&6; } +if ${gl_cv_warn_cxx___param_ssp_buffer_size_4+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors --param ssp-buffer-size=4" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx___param_ssp_buffer_size_4=yes +else + gl_cv_warn_cxx___param_ssp_buffer_size_4=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx___param_ssp_buffer_size_4" >&5 +$as_echo "$gl_cv_warn_cxx___param_ssp_buffer_size_4" >&6; } +if test "x$gl_cv_warn_cxx___param_ssp_buffer_size_4" = xyes; then : + + CFLAGS="--param ssp-buffer-size=4 $CFLAGS" + CXXFLAGS="--param ssp-buffer-size=4 $CXXFLAGS" + +fi + + + + OLD_CXXFLAGS="$CXXFLAGS" + CXXFLAGS="-Wall -W -Werror $CXXFLAGS" + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -D_FORTIFY_SOURCE=2" >&5 +$as_echo_n "checking whether C++ compiler handles -D_FORTIFY_SOURCE=2... " >&6; } +if ${gl_cv_warn_cxx__D_FORTIFY_SOURCE_2+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -D_FORTIFY_SOURCE=2" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +#include +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__D_FORTIFY_SOURCE_2=yes +else + gl_cv_warn_cxx__D_FORTIFY_SOURCE_2=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__D_FORTIFY_SOURCE_2" >&5 +$as_echo "$gl_cv_warn_cxx__D_FORTIFY_SOURCE_2" >&6; } +if test "x$gl_cv_warn_cxx__D_FORTIFY_SOURCE_2" = xyes; then : + + CFLAGS="-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $CFLAGS" + CXXFLAGS="-U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 $OLD_CXXFLAGS" + +else + CXXFLAGS="$OLD_CXXFLAGS" +fi + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for how to force completely read-only GOT table" >&5 +$as_echo_n "checking for how to force completely read-only GOT table... " >&6; } + + RELRO_LDFLAGS= + ld_help=`$CXX -Wl,-help 2>&1` + case $ld_help in + *"-z relro"*) RELRO_LDFLAGS="-Wl,-z -Wl,relro" ;; + esac + case $ld_help in + *"-z now"*) RELRO_LDFLAGS="$RELRO_LDFLAGS -Wl,-z -Wl,now" ;; + esac + + if test "x$RELRO_LDFLAGS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $RELRO_LDFLAGS" >&5 +$as_echo "$RELRO_LDFLAGS" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + +fi + + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable AddressSanitizer" >&5 +$as_echo_n "checking whether to enable AddressSanitizer... " >&6; } + # Check whether --enable-asan was given. +if test "${enable_asan+set}" = set; then : + enableval=$enable_asan; enable_asan=$enableval +else + enable_asan=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_asan" >&5 +$as_echo "$enable_asan" >&6; } + + if test "x$enable_asan" != "xno"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fsanitize=address" >&5 +$as_echo_n "checking whether C++ compiler handles -fsanitize=address... " >&6; } +if ${gl_cv_warn_cxx__fsanitize_address+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fsanitize=address" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fsanitize_address=yes +else + gl_cv_warn_cxx__fsanitize_address=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fsanitize_address" >&5 +$as_echo "$gl_cv_warn_cxx__fsanitize_address" >&6; } +if test "x$gl_cv_warn_cxx__fsanitize_address" = xyes; then : + + SANITIZER_FLAGS="-fsanitize=address $SANITIZER_FLAGS" + for ac_header in sanitizer/common_interface_defs.h +do : + ac_fn_cxx_check_header_mongrel "$LINENO" "sanitizer/common_interface_defs.h" "ac_cv_header_sanitizer_common_interface_defs_h" "$ac_includes_default" +if test "x$ac_cv_header_sanitizer_common_interface_defs_h" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_SANITIZER_COMMON_INTERFACE_DEFS_H 1 +_ACEOF + asan_headers=yes +else + asan_headers=no +fi + +done + + if test x"$asan_headers" = "xyes" ; then : + ac_fn_cxx_check_decl "$LINENO" "__sanitizer_start_switch_fiber" "ac_cv_have_decl___sanitizer_start_switch_fiber" "#include + +" +if test "x$ac_cv_have_decl___sanitizer_start_switch_fiber" = xyes; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for the exact signature of __sanitizer_finish_switch_fiber" >&5 +$as_echo_n "checking for the exact signature of __sanitizer_finish_switch_fiber... " >&6; } + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ + + __sanitizer_finish_switch_fiber(nullptr); + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: a single pointer" >&5 +$as_echo "a single pointer" >&6; } + +$as_echo "#define HAVE_FIBER_SANITIZER 1" >>confdefs.h + + +$as_echo "#define HAVE_SANITIZER_FINISH_SWITCH_FIBER_SINGLE_PTR 1" >>confdefs.h + + +else + + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + #include +int +main () +{ + + __sanitizer_finish_switch_fiber(nullptr, nullptr, nullptr); + + ; + return 0; +} + +_ACEOF +if ac_fn_cxx_try_compile "$LINENO"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: three pointers" >&5 +$as_echo "three pointers" >&6; } + +$as_echo "#define HAVE_FIBER_SANITIZER 1" >>confdefs.h + + +$as_echo "#define HAVE_SANITIZER_FINISH_SWITCH_FIBER_THREE_PTRS 1" >>confdefs.h + + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: unknown" >&5 +$as_echo "unknown" >&6; } + { $as_echo "$as_me:${as_lineno-$LINENO}: ASAN fiber switching is not available due to an unknown API version" >&5 +$as_echo "$as_me: ASAN fiber switching is not available due to an unknown API version" >&6;} + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + +else + + { $as_echo "$as_me:${as_lineno-$LINENO}: ASAN fiber switching is not available" >&5 +$as_echo "$as_me: ASAN fiber switching is not available" >&6;} + +fi + + +fi + +else + as_fn_error $? "Cannot enable AddressSanitizer" "$LINENO" 5 + +fi + + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable MemorySanitizer" >&5 +$as_echo_n "checking whether to enable MemorySanitizer... " >&6; } + # Check whether --enable-msan was given. +if test "${enable_msan+set}" = set; then : + enableval=$enable_msan; enable_msan=$enableval +else + enable_msan=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_msan" >&5 +$as_echo "$enable_msan" >&6; } + + if test "x$enable_msan" != "xno"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fsanitize=memory" >&5 +$as_echo_n "checking whether C++ compiler handles -fsanitize=memory... " >&6; } +if ${gl_cv_warn_cxx__fsanitize_memory+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fsanitize=memory" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fsanitize_memory=yes +else + gl_cv_warn_cxx__fsanitize_memory=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fsanitize_memory" >&5 +$as_echo "$gl_cv_warn_cxx__fsanitize_memory" >&6; } +if test "x$gl_cv_warn_cxx__fsanitize_memory" = xyes; then : + SANITIZER_FLAGS="-fsanitize=memory $SANITIZER_FLAGS" +else + as_fn_error $? "Cannot enable MemorySanitizer" "$LINENO" 5 + +fi + + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable ThreadSanitizer" >&5 +$as_echo_n "checking whether to enable ThreadSanitizer... " >&6; } + # Check whether --enable-tsan was given. +if test "${enable_tsan+set}" = set; then : + enableval=$enable_tsan; enable_tsan=$enableval +else + enable_tsan=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_tsan" >&5 +$as_echo "$enable_tsan" >&6; } + + if test "x$enable_tsan" != "xno"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fsanitize=thread" >&5 +$as_echo_n "checking whether C++ compiler handles -fsanitize=thread... " >&6; } +if ${gl_cv_warn_cxx__fsanitize_thread+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fsanitize=thread" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fsanitize_thread=yes +else + gl_cv_warn_cxx__fsanitize_thread=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fsanitize_thread" >&5 +$as_echo "$gl_cv_warn_cxx__fsanitize_thread" >&6; } +if test "x$gl_cv_warn_cxx__fsanitize_thread" = xyes; then : + SANITIZER_FLAGS="-fsanitize=thread $SANITIZER_FLAGS" +else + as_fn_error $? "Cannot enable ThreadSanitizer" "$LINENO" 5 + +fi + + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable LeakSanitizer" >&5 +$as_echo_n "checking whether to enable LeakSanitizer... " >&6; } + # Check whether --enable-lsan was given. +if test "${enable_lsan+set}" = set; then : + enableval=$enable_lsan; enable_lsan=$enableval +else + enable_lsan=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_lsan" >&5 +$as_echo "$enable_lsan" >&6; } + + if test "x$enable_lsan" != "xno"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fsanitize=leak" >&5 +$as_echo_n "checking whether C++ compiler handles -fsanitize=leak... " >&6; } +if ${gl_cv_warn_cxx__fsanitize_leak+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fsanitize=leak" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fsanitize_leak=yes +else + gl_cv_warn_cxx__fsanitize_leak=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fsanitize_leak" >&5 +$as_echo "$gl_cv_warn_cxx__fsanitize_leak" >&6; } +if test "x$gl_cv_warn_cxx__fsanitize_leak" = xyes; then : + SANITIZER_FLAGS="-fsanitize=leak $SANITIZER_FLAGS" +else + as_fn_error $? "Cannot enable LeakSanitizer" "$LINENO" 5 + +fi + + +fi + + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether to enable Undefined Behaviour Sanitizer" >&5 +$as_echo_n "checking whether to enable Undefined Behaviour Sanitizer... " >&6; } + # Check whether --enable-ubsan was given. +if test "${enable_ubsan+set}" = set; then : + enableval=$enable_ubsan; enable_ubsan=$enableval +else + enable_ubsan=no + +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_ubsan" >&5 +$as_echo "$enable_ubsan" >&6; } + + if test "x$enable_ubsan" != "xno"; then : + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fsanitize=undefined" >&5 +$as_echo_n "checking whether C++ compiler handles -fsanitize=undefined... " >&6; } +if ${gl_cv_warn_cxx__fsanitize_undefined+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fsanitize=undefined" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fsanitize_undefined=yes +else + gl_cv_warn_cxx__fsanitize_undefined=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fsanitize_undefined" >&5 +$as_echo "$gl_cv_warn_cxx__fsanitize_undefined" >&6; } +if test "x$gl_cv_warn_cxx__fsanitize_undefined" = xyes; then : + SANITIZER_FLAGS="-fsanitize=undefined $SANITIZER_FLAGS" +else + as_fn_error $? "Cannot enable Undefined Behaviour Sanitizer" "$LINENO" 5 + +fi + + +fi + + + + if test "x$enable_asan" != "xno" -a "x$enable_tsan" != "xno"; then : + + as_fn_error $? "Address Sanitizer is not compatible with Thread Sanitizer" "$LINENO" 5 + +fi + + if test "x$enable_msan" != "xno" -a "x$enable_asan" != "xno"; then : + + as_fn_error $? "Memory Sanitizer is not compatible with Address Sanitizer" "$LINENO" 5 + +fi + + if test "x$enable_msan" != "xno" -a "x$enable_lsan" != "xno"; then : + + as_fn_error $? "Memory Sanitizer is not compatible with Leak Sanitizer" "$LINENO" 5 + +fi + + if test "x$enable_msan" != "xno" -a "x$enable_tsan" != "xno"; then : + + as_fn_error $? "Memory Sanitizer is not compatible with Thread Sanitizer" "$LINENO" 5 + +fi + + if test "x$enable_asan" != "xno" -o "x$enable_tsan" != "xno" -o "x$enable_lsan" != "xno" -o "x$enable_ubsan" != "xno" -o "x$enable_msan" != "xno"; then : + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C++ compiler handles -fno-omit-frame-pointer" >&5 +$as_echo_n "checking whether C++ compiler handles -fno-omit-frame-pointer... " >&6; } +if ${gl_cv_warn_cxx__fno_omit_frame_pointer+:} false; then : + $as_echo_n "(cached) " >&6 +else + + gl_save_compiler_FLAGS="$CXXFLAGS" + as_fn_append CXXFLAGS " $gl_unknown_warnings_are_errors -fno-omit-frame-pointer" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_cxx_try_link "$LINENO"; then : + gl_cv_warn_cxx__fno_omit_frame_pointer=yes +else + gl_cv_warn_cxx__fno_omit_frame_pointer=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext + CXXFLAGS="$gl_save_compiler_FLAGS" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $gl_cv_warn_cxx__fno_omit_frame_pointer" >&5 +$as_echo "$gl_cv_warn_cxx__fno_omit_frame_pointer" >&6; } +if test "x$gl_cv_warn_cxx__fno_omit_frame_pointer" = xyes; then : + as_fn_append WARN_CFLAGS " -fno-omit-frame-pointer" +fi + + + +fi + + + + + + + + + + if test -n "$PYTHON"; then + # If the user set $PYTHON, use it and don't search something else. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $PYTHON version is >= 3.6" >&5 +$as_echo_n "checking whether $PYTHON version is >= 3.6... " >&6; } + prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '3.6'.split('.'))) + [0, 0, 0] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] +sys.exit(sys.hexversion < minverhex)" + if { echo "$as_me:$LINENO: $PYTHON -c "$prog"" >&5 + ($PYTHON -c "$prog") >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + as_fn_error $? "Python interpreter is too old" "$LINENO" 5 +fi + am_display_PYTHON=$PYTHON + else + # Otherwise, try each interpreter until we find one that satisfies + # VERSION. + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for a Python interpreter with version >= 3.6" >&5 +$as_echo_n "checking for a Python interpreter with version >= 3.6... " >&6; } +if ${am_cv_pathless_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + + for am_cv_pathless_PYTHON in python python2 python3 python3.9 python3.8 python3.7 python3.6 python3.5 python3.4 python3.3 python3.2 python3.1 python3.0 python2.7 python2.6 python2.5 python2.4 python2.3 python2.2 python2.1 python2.0 none; do + test "$am_cv_pathless_PYTHON" = none && break + prog="import sys +# split strings by '.' and convert to numeric. Append some zeros +# because we need at least 4 digits for the hex conversion. +# map returns an iterator in Python 3.0 and a list in 2.x +minver = list(map(int, '3.6'.split('.'))) + [0, 0, 0] +minverhex = 0 +# xrange is not present in Python 3.0 and range returns an iterator +for i in list(range(0, 4)): minverhex = (minverhex << 8) + minver[i] +sys.exit(sys.hexversion < minverhex)" + if { echo "$as_me:$LINENO: $am_cv_pathless_PYTHON -c "$prog"" >&5 + ($am_cv_pathless_PYTHON -c "$prog") >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); }; then : + break +fi + done +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_pathless_PYTHON" >&5 +$as_echo "$am_cv_pathless_PYTHON" >&6; } + # Set $PYTHON to the absolute path of $am_cv_pathless_PYTHON. + if test "$am_cv_pathless_PYTHON" = none; then + PYTHON=: + else + # Extract the first word of "$am_cv_pathless_PYTHON", so it can be a program name with args. +set dummy $am_cv_pathless_PYTHON; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PYTHON+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PYTHON in + [\\/]* | ?:[\\/]*) + ac_cv_path_PYTHON="$PYTHON" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PYTHON="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PYTHON=$ac_cv_path_PYTHON +if test -n "$PYTHON"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PYTHON" >&5 +$as_echo "$PYTHON" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + fi + am_display_PYTHON=$am_cv_pathless_PYTHON + fi + + + if test "$PYTHON" = :; then + : + else + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON version" >&5 +$as_echo_n "checking for $am_display_PYTHON version... " >&6; } +if ${am_cv_python_version+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_version=`$PYTHON -c "import sys; sys.stdout.write(sys.version[:3])"` +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_version" >&5 +$as_echo "$am_cv_python_version" >&6; } + PYTHON_VERSION=$am_cv_python_version + + + + PYTHON_PREFIX='${prefix}' + + PYTHON_EXEC_PREFIX='${exec_prefix}' + + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON platform" >&5 +$as_echo_n "checking for $am_display_PYTHON platform... " >&6; } +if ${am_cv_python_platform+:} false; then : + $as_echo_n "(cached) " >&6 +else + am_cv_python_platform=`$PYTHON -c "import sys; sys.stdout.write(sys.platform)"` +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_platform" >&5 +$as_echo "$am_cv_python_platform" >&6; } + PYTHON_PLATFORM=$am_cv_python_platform + + + # Just factor out some code duplication. + am_python_setup_sysconfig="\ +import sys +# Prefer sysconfig over distutils.sysconfig, for better compatibility +# with python 3.x. See automake bug#10227. +try: + import sysconfig +except ImportError: + can_use_sysconfig = 0 +else: + can_use_sysconfig = 1 +# Can't use sysconfig in CPython 2.7, since it's broken in virtualenvs: +# +try: + from platform import python_implementation + if python_implementation() == 'CPython' and sys.version[:3] == '2.7': + can_use_sysconfig = 0 +except ImportError: + pass" + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON script directory" >&5 +$as_echo_n "checking for $am_display_PYTHON script directory... " >&6; } +if ${am_cv_python_pythondir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$prefix" = xNONE + then + am_py_prefix=$ac_default_prefix + else + am_py_prefix=$prefix + fi + am_cv_python_pythondir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('purelib', vars={'base':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(0, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pythondir in + $am_py_prefix*) + am__strip_prefix=`echo "$am_py_prefix" | sed 's|.|.|g'` + am_cv_python_pythondir=`echo "$am_cv_python_pythondir" | sed "s,^$am__strip_prefix,$PYTHON_PREFIX,"` + ;; + *) + case $am_py_prefix in + /usr|/System*) ;; + *) + am_cv_python_pythondir=$PYTHON_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pythondir" >&5 +$as_echo "$am_cv_python_pythondir" >&6; } + pythondir=$am_cv_python_pythondir + + + + pkgpythondir=\${pythondir}/$PACKAGE + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $am_display_PYTHON extension module directory" >&5 +$as_echo_n "checking for $am_display_PYTHON extension module directory... " >&6; } +if ${am_cv_python_pyexecdir+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test "x$exec_prefix" = xNONE + then + am_py_exec_prefix=$am_py_prefix + else + am_py_exec_prefix=$exec_prefix + fi + am_cv_python_pyexecdir=`$PYTHON -c " +$am_python_setup_sysconfig +if can_use_sysconfig: + sitedir = sysconfig.get_path('platlib', vars={'platbase':'$am_py_prefix'}) +else: + from distutils import sysconfig + sitedir = sysconfig.get_python_lib(1, 0, prefix='$am_py_prefix') +sys.stdout.write(sitedir)"` + case $am_cv_python_pyexecdir in + $am_py_exec_prefix*) + am__strip_prefix=`echo "$am_py_exec_prefix" | sed 's|.|.|g'` + am_cv_python_pyexecdir=`echo "$am_cv_python_pyexecdir" | sed "s,^$am__strip_prefix,$PYTHON_EXEC_PREFIX,"` + ;; + *) + case $am_py_exec_prefix in + /usr|/System*) ;; + *) + am_cv_python_pyexecdir=$PYTHON_EXEC_PREFIX/lib/python$PYTHON_VERSION/site-packages + ;; + esac + ;; + esac + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_python_pyexecdir" >&5 +$as_echo "$am_cv_python_pyexecdir" >&6; } + pyexecdir=$am_cv_python_pyexecdir + + + + pkgpyexecdir=\${pyexecdir}/$PACKAGE + + + + fi + + + if test "${PYTHON}" != ":"; then : + + + if test -z $PYTHON; + then + if test -z ""; + then + PYTHON="python3" + else + PYTHON="" + fi + fi + PYTHON_NAME=`basename $PYTHON` + { $as_echo "$as_me:${as_lineno-$LINENO}: checking $PYTHON_NAME module: venv" >&5 +$as_echo_n "checking $PYTHON_NAME module: venv... " >&6; } + $PYTHON -c "import venv" 2>/dev/null + if test $? -eq 0; + then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + eval HAVE_PYMOD_VENV=yes + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + eval HAVE_PYMOD_VENV=no + # + if test -n "" + then + as_fn_error $? "failed to find required module venv" "$LINENO" 5 + exit 1 + fi + fi + + +fi + if test "x${HAVE_PYMOD_VENV}" = "xyes"; then + HAVE_VENV_TRUE= + HAVE_VENV_FALSE='#' +else + HAVE_VENV_TRUE='#' + HAVE_VENV_FALSE= +fi + + + + if test -e "$srcdir/dnsdist.1"; then + HAVE_MANPAGES_TRUE= + HAVE_MANPAGES_FALSE='#' +else + HAVE_MANPAGES_TRUE='#' + HAVE_MANPAGES_FALSE= +fi + +if test -z "$HAVE_MANPAGES_TRUE"; then : + else + + if test -z "$HAVE_VENV_TRUE"; then : + else + + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: Python 3 and/or venv module are not available, documentation will not be built." >&5 +$as_echo "$as_me: WARNING: Python 3 and/or venv module are not available, documentation will not be built." >&2;} + +fi + +fi + +LDFLAGS="$RELRO_LDFLAGS $LDFLAGS" + +CFLAGS="$SANITIZER_FLAGS $PIE_CFLAGS $CFLAGS" +CXXFLAGS="$SANITIZER_FLAGS $PIE_CFLAGS $CXXFLAGS" + +PROGRAM_LDFLAGS="$PIE_LDFLAGS $PROGRAM_LDFLAGS" + + +AM_CPPFLAGS="-I\$(top_builddir) -I\$(top_srcdir) $THREADFLAGS $BOOST_CPPFLAGS" + + + + +if test "x$PACKAGEVERSION" != "x"; then : + +cat >>confdefs.h <<_ACEOF +#define PACKAGEVERSION "$PACKAGEVERSION" +_ACEOF + + +fi + +ac_config_files="$ac_config_files Makefile ext/yahttp/Makefile ext/yahttp/yahttp/Makefile ext/ipcrypt/Makefile" + + +cat >confcache <<\_ACEOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs, see configure's option --config-cache. +# It is not useful on other systems. If it contains results you don't +# want to keep, you may remove or edit it. +# +# config.status only pays attention to the cache file if you give it +# the --recheck option to rerun configure. +# +# `ac_cv_env_foo' variables (set or unset) will be overridden when +# loading this file, other *unset* `ac_cv_foo' will be assigned the +# following values. + +_ACEOF + +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, we kill variables containing newlines. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +( + for ac_var in `(set) 2>&1 | sed -n 's/^\([a-zA-Z_][a-zA-Z0-9_]*\)=.*/\1/p'`; do + eval ac_val=\$$ac_var + case $ac_val in #( + *${as_nl}*) + case $ac_var in #( + *_cv_*) { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: cache variable $ac_var contains a newline" >&5 +$as_echo "$as_me: WARNING: cache variable $ac_var contains a newline" >&2;} ;; + esac + case $ac_var in #( + _ | IFS | as_nl) ;; #( + BASH_ARGV | BASH_SOURCE) eval $ac_var= ;; #( + *) { eval $ac_var=; unset $ac_var;} ;; + esac ;; + esac + done + + (set) 2>&1 | + case $as_nl`(ac_space=' '; set) 2>&1` in #( + *${as_nl}ac_space=\ *) + # `set' does not quote correctly, so add quotes: double-quote + # substitution turns \\\\ into \\, and sed turns \\ into \. + sed -n \ + "s/'/'\\\\''/g; + s/^\\([_$as_cr_alnum]*_cv_[_$as_cr_alnum]*\\)=\\(.*\\)/\\1='\\2'/p" + ;; #( + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n "/^[_$as_cr_alnum]*_cv_[_$as_cr_alnum]*=/p" + ;; + esac | + sort +) | + sed ' + /^ac_cv_env_/b end + t clear + :clear + s/^\([^=]*\)=\(.*[{}].*\)$/test "${\1+set}" = set || &/ + t end + s/^\([^=]*\)=\(.*\)$/\1=${\1=\2}/ + :end' >>confcache +if diff "$cache_file" confcache >/dev/null 2>&1; then :; else + if test -w "$cache_file"; then + if test "x$cache_file" != "x/dev/null"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: updating cache $cache_file" >&5 +$as_echo "$as_me: updating cache $cache_file" >&6;} + if test ! -f "$cache_file" || test -h "$cache_file"; then + cat confcache >"$cache_file" + else + case $cache_file in #( + */* | ?:*) + mv -f confcache "$cache_file"$$ && + mv -f "$cache_file"$$ "$cache_file" ;; #( + *) + mv -f confcache "$cache_file" ;; + esac + fi + fi + else + { $as_echo "$as_me:${as_lineno-$LINENO}: not updating unwritable cache $cache_file" >&5 +$as_echo "$as_me: not updating unwritable cache $cache_file" >&6;} + fi +fi +rm -f confcache + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +DEFS=-DHAVE_CONFIG_H + +ac_libobjs= +ac_ltlibobjs= +U= +for ac_i in : $LIBOBJS; do test "x$ac_i" = x: && continue + # 1. Remove the extension, and $U if already installed. + ac_script='s/\$U\././;s/\.o$//;s/\.obj$//' + ac_i=`$as_echo "$ac_i" | sed "$ac_script"` + # 2. Prepend LIBOBJDIR. When used with automake>=1.10 LIBOBJDIR + # will be set to the directory where LIBOBJS objects are built. + as_fn_append ac_libobjs " \${LIBOBJDIR}$ac_i\$U.$ac_objext" + as_fn_append ac_ltlibobjs " \${LIBOBJDIR}$ac_i"'$U.lo' +done +LIBOBJS=$ac_libobjs + +LTLIBOBJS=$ac_ltlibobjs + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking that generated files are newer than configure" >&5 +$as_echo_n "checking that generated files are newer than configure... " >&6; } + if test -n "$am_sleep_pid"; then + # Hide warnings about reused PIDs. + wait $am_sleep_pid 2>/dev/null + fi + { $as_echo "$as_me:${as_lineno-$LINENO}: result: done" >&5 +$as_echo "done" >&6; } + if test -n "$EXEEXT"; then + am__EXEEXT_TRUE= + am__EXEEXT_FALSE='#' +else + am__EXEEXT_TRUE='#' + am__EXEEXT_FALSE= +fi + +if test -z "${AMDEP_TRUE}" && test -z "${AMDEP_FALSE}"; then + as_fn_error $? "conditional \"AMDEP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCC_TRUE}" && test -z "${am__fastdepCC_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${am__fastdepCXX_TRUE}" && test -z "${am__fastdepCXX_FALSE}"; then + as_fn_error $? "conditional \"am__fastdepCXX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LIBSODIUM_TRUE}" && test -z "${LIBSODIUM_FALSE}"; then + as_fn_error $? "conditional \"LIBSODIUM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${FSTRM_TRUE}" && test -z "${FSTRM_FALSE}"; then + as_fn_error $? "conditional \"FSTRM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_FREEBSD_TRUE}" && test -z "${HAVE_FREEBSD_FALSE}"; then + as_fn_error $? "conditional \"HAVE_FREEBSD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_OPENBSD_TRUE}" && test -z "${HAVE_OPENBSD_FALSE}"; then + as_fn_error $? "conditional \"HAVE_OPENBSD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LINUX_TRUE}" && test -z "${HAVE_LINUX_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LINUX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DARWIN_TRUE}" && test -z "${HAVE_DARWIN_FALSE}"; then + as_fn_error $? "conditional \"HAVE_DARWIN\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SOLARIS_TRUE}" && test -z "${HAVE_SOLARIS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SOLARIS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${UNIT_TESTS_TRUE}" && test -z "${UNIT_TESTS_FALSE}"; then + as_fn_error $? "conditional \"UNIT_TESTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_RE2_TRUE}" && test -z "${HAVE_RE2_FALSE}"; then + as_fn_error $? "conditional \"HAVE_RE2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${DNSCRYPT_TRUE}" && test -z "${DNSCRYPT_FALSE}"; then + as_fn_error $? "conditional \"DNSCRYPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_EBPF_TRUE}" && test -z "${HAVE_EBPF_FALSE}"; then + as_fn_error $? "conditional \"HAVE_EBPF\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_NET_SNMP_TRUE}" && test -z "${HAVE_NET_SNMP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_NET_SNMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBCAP_TRUE}" && test -z "${HAVE_LIBCAP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBCAP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_DYNAMIC_USER_TRUE}" && test -z "${HAVE_SYSTEMD_DYNAMIC_USER_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_DYNAMIC_USER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_LOCK_PERSONALITY_TRUE}" && test -z "${HAVE_SYSTEMD_LOCK_PERSONALITY_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_LOCK_PERSONALITY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_TRUE}" && test -z "${HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_MEMORY_DENY_WRITE_EXECUTE\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PERCENT_T_TRUE}" && test -z "${HAVE_SYSTEMD_PERCENT_T_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PERCENT_T\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PRIVATE_DEVICES_TRUE}" && test -z "${HAVE_SYSTEMD_PRIVATE_DEVICES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PRIVATE_DEVICES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PRIVATE_MOUNTS_TRUE}" && test -z "${HAVE_SYSTEMD_PRIVATE_MOUNTS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PRIVATE_MOUNTS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PRIVATE_TMP_TRUE}" && test -z "${HAVE_SYSTEMD_PRIVATE_TMP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PRIVATE_TMP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PRIVATE_USERS_TRUE}" && test -z "${HAVE_SYSTEMD_PRIVATE_USERS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PRIVATE_USERS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_CLOCK_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_CLOCK_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_CLOCK\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_CONTROL_GROUPS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_HOME_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_HOME_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_HOME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_HOSTNAME_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_HOSTNAME_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_HOSTNAME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_LOGS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_KERNEL_LOGS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_MODULES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_KERNEL_MODULES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_KERNEL_TUNABLES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_SYSTEM_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_SYSTEM_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_SYSTEM\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_TRUE}" && test -z "${HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_PROTECT_SYSTEM_STRICT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_REMOVE_IPC_TRUE}" && test -z "${HAVE_SYSTEMD_REMOVE_IPC_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_REMOVE_IPC\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_TRUE}" && test -z "${HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_RESTRICT_ADDRESS_FAMILIES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_RESTRICT_NAMESPACES_TRUE}" && test -z "${HAVE_SYSTEMD_RESTRICT_NAMESPACES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_RESTRICT_NAMESPACES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_RESTRICT_REALTIME_TRUE}" && test -z "${HAVE_SYSTEMD_RESTRICT_REALTIME_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_RESTRICT_REALTIME\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_RESTRICT_SUIDSGID_TRUE}" && test -z "${HAVE_SYSTEMD_RESTRICT_SUIDSGID_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_RESTRICT_SUIDSGID\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_TRUE}" && test -z "${HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_SYSTEM_CALL_ARCHITECTURES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_SYSTEM_CALL_FILTER_TRUE}" && test -z "${HAVE_SYSTEMD_SYSTEM_CALL_FILTER_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_SYSTEM_CALL_FILTER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_TRUE}" && test -z "${HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD_WITH_RUNTIME_DIR_ENV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_SYSTEMD_TRUE}" && test -z "${HAVE_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"HAVE_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${LUA_TRUE}" && test -z "${LUA_FALSE}"; then + as_fn_error $? "conditional \"LUA\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LUA_HPP_TRUE}" && test -z "${HAVE_LUA_HPP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LUA_HPP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GNUTLS_TRUE}" && test -z "${HAVE_GNUTLS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GNUTLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBSSL_TRUE}" && test -z "${HAVE_LIBSSL_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LMDB_TRUE}" && test -z "${HAVE_LMDB_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LMDB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_CDB_TRUE}" && test -z "${HAVE_CDB_FALSE}"; then + as_fn_error $? "conditional \"HAVE_CDB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBCRYPTO_TRUE}" && test -z "${HAVE_LIBCRYPTO_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBCRYPTO\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DNS_OVER_TLS_TRUE}" && test -z "${HAVE_DNS_OVER_TLS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_DNS_OVER_TLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_DNS_OVER_HTTPS_TRUE}" && test -z "${HAVE_DNS_OVER_HTTPS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_DNS_OVER_HTTPS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBSSL_TRUE}" && test -z "${HAVE_LIBSSL_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBSSL\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GNUTLS_TRUE}" && test -z "${HAVE_GNUTLS_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GNUTLS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LIBH2OEVLOOP_TRUE}" && test -z "${HAVE_LIBH2OEVLOOP_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LIBH2OEVLOOP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_NGHTTP2_TRUE}" && test -z "${HAVE_NGHTTP2_FALSE}"; then + as_fn_error $? "conditional \"HAVE_NGHTTP2\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_CDB_TRUE}" && test -z "${HAVE_CDB_FALSE}"; then + as_fn_error $? "conditional \"HAVE_CDB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_LMDB_TRUE}" && test -z "${HAVE_LMDB_FALSE}"; then + as_fn_error $? "conditional \"HAVE_LMDB\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_VENV_TRUE}" && test -z "${HAVE_VENV_FALSE}"; then + as_fn_error $? "conditional \"HAVE_VENV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_MANPAGES_TRUE}" && test -z "${HAVE_MANPAGES_FALSE}"; then + as_fn_error $? "conditional \"HAVE_MANPAGES\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi + +: "${CONFIG_STATUS=./config.status}" +ac_write_fail=0 +ac_clean_files_save=$ac_clean_files +ac_clean_files="$ac_clean_files $CONFIG_STATUS" +{ $as_echo "$as_me:${as_lineno-$LINENO}: creating $CONFIG_STATUS" >&5 +$as_echo "$as_me: creating $CONFIG_STATUS" >&6;} +as_write_fail=0 +cat >$CONFIG_STATUS <<_ASEOF || as_write_fail=1 +#! $SHELL +# Generated by $as_me. +# Run this file to recreate the current configuration. +# Compiler output produced by configure, useful for debugging +# configure, is in config.log if it exists. + +debug=false +ac_cs_recheck=false +ac_cs_silent=false + +SHELL=\${CONFIG_SHELL-$SHELL} +export SHELL +_ASEOF +cat >>$CONFIG_STATUS <<\_ASEOF || as_write_fail=1 +## -------------------- ## +## M4sh Initialization. ## +## -------------------- ## + +# Be more Bourne compatible +DUALCASE=1; export DUALCASE # for MKS sh +if test -n "${ZSH_VERSION+set}" && (emulate sh) >/dev/null 2>&1; then : + emulate sh + NULLCMD=: + # Pre-4.2 versions of Zsh do word splitting on ${1+"$@"}, which + # is contrary to our usage. Disable this feature. + alias -g '${1+"$@"}'='"$@"' + setopt NO_GLOB_SUBST +else + case `(set -o) 2>/dev/null` in #( + *posix*) : + set -o posix ;; #( + *) : + ;; +esac +fi + + +as_nl=' +' +export as_nl +# Printing a long string crashes Solaris 7 /usr/bin/printf. +as_echo='\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\' +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo +as_echo=$as_echo$as_echo$as_echo$as_echo$as_echo$as_echo +# Prefer a ksh shell builtin over an external printf program on Solaris, +# but without wasting forks for bash or zsh. +if test -z "$BASH_VERSION$ZSH_VERSION" \ + && (test "X`print -r -- $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='print -r --' + as_echo_n='print -rn --' +elif (test "X`printf %s $as_echo`" = "X$as_echo") 2>/dev/null; then + as_echo='printf %s\n' + as_echo_n='printf %s' +else + if test "X`(/usr/ucb/echo -n -n $as_echo) 2>/dev/null`" = "X-n $as_echo"; then + as_echo_body='eval /usr/ucb/echo -n "$1$as_nl"' + as_echo_n='/usr/ucb/echo -n' + else + as_echo_body='eval expr "X$1" : "X\\(.*\\)"' + as_echo_n_body='eval + arg=$1; + case $arg in #( + *"$as_nl"*) + expr "X$arg" : "X\\(.*\\)$as_nl"; + arg=`expr "X$arg" : ".*$as_nl\\(.*\\)"`;; + esac; + expr "X$arg" : "X\\(.*\\)" | tr -d "$as_nl" + ' + export as_echo_n_body + as_echo_n='sh -c $as_echo_n_body as_echo' + fi + export as_echo_body + as_echo='sh -c $as_echo_body as_echo' +fi + +# The user is always right. +if test "${PATH_SEPARATOR+set}" != set; then + PATH_SEPARATOR=: + (PATH='/bin;/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 && { + (PATH='/bin:/bin'; FPATH=$PATH; sh -c :) >/dev/null 2>&1 || + PATH_SEPARATOR=';' + } +fi + + +# IFS +# We need space, tab and new line, in precisely that order. Quoting is +# there to prevent editors from complaining about space-tab. +# (If _AS_PATH_WALK were called with IFS unset, it would disable word +# splitting by setting IFS to empty value.) +IFS=" "" $as_nl" + +# Find who we are. Look in the path if we contain no directory separator. +as_myself= +case $0 in #(( + *[\\/]* ) as_myself=$0 ;; + *) as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + test -r "$as_dir/$0" && as_myself=$as_dir/$0 && break + done +IFS=$as_save_IFS + + ;; +esac +# We did not find ourselves, most probably we were run as `sh COMMAND' +# in which case we are not to be found in the path. +if test "x$as_myself" = x; then + as_myself=$0 +fi +if test ! -f "$as_myself"; then + $as_echo "$as_myself: error: cannot find myself; rerun with an absolute file name" >&2 + exit 1 +fi + +# Unset variables that we do not need and which cause bugs (e.g. in +# pre-3.0 UWIN ksh). But do not cause bugs in bash 2.01; the "|| exit 1" +# suppresses any "Segmentation fault" message there. '((' could +# trigger a bug in pdksh 5.2.14. +for as_var in BASH_ENV ENV MAIL MAILPATH +do eval test x\${$as_var+set} = xset \ + && ( (unset $as_var) || exit 1) >/dev/null 2>&1 && unset $as_var || : +done +PS1='$ ' +PS2='> ' +PS4='+ ' + +# NLS nuisances. +LC_ALL=C +export LC_ALL +LANGUAGE=C +export LANGUAGE + +# CDPATH. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + + +# as_fn_error STATUS ERROR [LINENO LOG_FD] +# ---------------------------------------- +# Output "`basename $0`: error: ERROR" to stderr. If LINENO and LOG_FD are +# provided, also output the error to LOG_FD, referencing LINENO. Then exit the +# script with STATUS, using 1 if that was 0. +as_fn_error () +{ + as_status=$1; test $as_status -eq 0 && as_status=1 + if test "$4"; then + as_lineno=${as_lineno-"$3"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + $as_echo "$as_me:${as_lineno-$LINENO}: error: $2" >&$4 + fi + $as_echo "$as_me: error: $2" >&2 + as_fn_exit $as_status +} # as_fn_error + + +# as_fn_set_status STATUS +# ----------------------- +# Set $? to STATUS, without forking. +as_fn_set_status () +{ + return $1 +} # as_fn_set_status + +# as_fn_exit STATUS +# ----------------- +# Exit the shell with STATUS, even in a "trap 0" or "set -e" context. +as_fn_exit () +{ + set +e + as_fn_set_status $1 + exit $1 +} # as_fn_exit + +# as_fn_unset VAR +# --------------- +# Portably unset VAR. +as_fn_unset () +{ + { eval $1=; unset $1;} +} +as_unset=as_fn_unset +# as_fn_append VAR VALUE +# ---------------------- +# Append the text in VALUE to the end of the definition contained in VAR. Take +# advantage of any shell optimizations that allow amortized linear growth over +# repeated appends, instead of the typical quadratic growth present in naive +# implementations. +if (eval "as_var=1; as_var+=2; test x\$as_var = x12") 2>/dev/null; then : + eval 'as_fn_append () + { + eval $1+=\$2 + }' +else + as_fn_append () + { + eval $1=\$$1\$2 + } +fi # as_fn_append + +# as_fn_arith ARG... +# ------------------ +# Perform arithmetic evaluation on the ARGs, and store the result in the +# global $as_val. Take advantage of shells that can avoid forks. The arguments +# must be portable across $(()) and expr. +if (eval "test \$(( 1 + 1 )) = 2") 2>/dev/null; then : + eval 'as_fn_arith () + { + as_val=$(( $* )) + }' +else + as_fn_arith () + { + as_val=`expr "$@" || test $? -eq 1` + } +fi # as_fn_arith + + +if expr a : '\(a\)' >/dev/null 2>&1 && + test "X`expr 00001 : '.*\(...\)'`" = X001; then + as_expr=expr +else + as_expr=false +fi + +if (basename -- /) >/dev/null 2>&1 && test "X`basename -- / 2>&1`" = "X/"; then + as_basename=basename +else + as_basename=false +fi + +if (as_dir=`dirname -- /` && test "X$as_dir" = X/) >/dev/null 2>&1; then + as_dirname=dirname +else + as_dirname=false +fi + +as_me=`$as_basename -- "$0" || +$as_expr X/"$0" : '.*/\([^/][^/]*\)/*$' \| \ + X"$0" : 'X\(//\)$' \| \ + X"$0" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$0" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + +# Avoid depending upon Character Ranges. +as_cr_letters='abcdefghijklmnopqrstuvwxyz' +as_cr_LETTERS='ABCDEFGHIJKLMNOPQRSTUVWXYZ' +as_cr_Letters=$as_cr_letters$as_cr_LETTERS +as_cr_digits='0123456789' +as_cr_alnum=$as_cr_Letters$as_cr_digits + +ECHO_C= ECHO_N= ECHO_T= +case `echo -n x` in #((((( +-n*) + case `echo 'xy\c'` in + *c*) ECHO_T=' ';; # ECHO_T is single tab character. + xy) ECHO_C='\c';; + *) echo `echo ksh88 bug on AIX 6.1` > /dev/null + ECHO_T=' ';; + esac;; +*) + ECHO_N='-n';; +esac + +rm -f conf$$ conf$$.exe conf$$.file +if test -d conf$$.dir; then + rm -f conf$$.dir/conf$$.file +else + rm -f conf$$.dir + mkdir conf$$.dir 2>/dev/null +fi +if (echo >conf$$.file) 2>/dev/null; then + if ln -s conf$$.file conf$$ 2>/dev/null; then + as_ln_s='ln -s' + # ... but there are two gotchas: + # 1) On MSYS, both `ln -s file dir' and `ln file dir' fail. + # 2) DJGPP < 2.04 has no symlinks; `ln -s' creates a wrapper executable. + # In both cases, we have to default to `cp -pR'. + ln -s conf$$.file conf$$.dir 2>/dev/null && test ! -f conf$$.exe || + as_ln_s='cp -pR' + elif ln conf$$.file conf$$ 2>/dev/null; then + as_ln_s=ln + else + as_ln_s='cp -pR' + fi +else + as_ln_s='cp -pR' +fi +rm -f conf$$ conf$$.exe conf$$.dir/conf$$.file conf$$.file +rmdir conf$$.dir 2>/dev/null + + +# as_fn_mkdir_p +# ------------- +# Create "$as_dir" as a directory, including parents if necessary. +as_fn_mkdir_p () +{ + + case $as_dir in #( + -*) as_dir=./$as_dir;; + esac + test -d "$as_dir" || eval $as_mkdir_p || { + as_dirs= + while :; do + case $as_dir in #( + *\'*) as_qdir=`$as_echo "$as_dir" | sed "s/'/'\\\\\\\\''/g"`;; #'( + *) as_qdir=$as_dir;; + esac + as_dirs="'$as_qdir' $as_dirs" + as_dir=`$as_dirname -- "$as_dir" || +$as_expr X"$as_dir" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$as_dir" : 'X\(//\)[^/]' \| \ + X"$as_dir" : 'X\(//\)$' \| \ + X"$as_dir" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$as_dir" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + test -d "$as_dir" && break + done + test -z "$as_dirs" || eval "mkdir $as_dirs" + } || test -d "$as_dir" || as_fn_error $? "cannot create directory $as_dir" + + +} # as_fn_mkdir_p +if mkdir -p . 2>/dev/null; then + as_mkdir_p='mkdir -p "$as_dir"' +else + test -d ./-p && rmdir ./-p + as_mkdir_p=false +fi + + +# as_fn_executable_p FILE +# ----------------------- +# Test if FILE is an executable regular file. +as_fn_executable_p () +{ + test -f "$1" && test -x "$1" +} # as_fn_executable_p +as_test_x='test -x' +as_executable_p=as_fn_executable_p + +# Sed expression to map a string onto a valid CPP name. +as_tr_cpp="eval sed 'y%*$as_cr_letters%P$as_cr_LETTERS%;s%[^_$as_cr_alnum]%_%g'" + +# Sed expression to map a string onto a valid variable name. +as_tr_sh="eval sed 'y%*+%pp%;s%[^_$as_cr_alnum]%_%g'" + + +exec 6>&1 +## ----------------------------------- ## +## Main body of $CONFIG_STATUS script. ## +## ----------------------------------- ## +_ASEOF +test $as_write_fail = 0 && chmod +x $CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# Save the log message, to keep $0 and so on meaningful, and to +# report actual input values of CONFIG_FILES etc. instead of their +# values after options handling. +ac_log=" +This file was extended by dnsdist $as_me 1.7.3, which was +generated by GNU Autoconf 2.69. Invocation command line was + + CONFIG_FILES = $CONFIG_FILES + CONFIG_HEADERS = $CONFIG_HEADERS + CONFIG_LINKS = $CONFIG_LINKS + CONFIG_COMMANDS = $CONFIG_COMMANDS + $ $0 $@ + +on `(hostname || uname -n) 2>/dev/null | sed 1q` +" + +_ACEOF + +case $ac_config_files in *" +"*) set x $ac_config_files; shift; ac_config_files=$*;; +esac + +case $ac_config_headers in *" +"*) set x $ac_config_headers; shift; ac_config_headers=$*;; +esac + + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# Files that config.status was made for. +config_files="$ac_config_files" +config_headers="$ac_config_headers" +config_commands="$ac_config_commands" + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +ac_cs_usage="\ +\`$as_me' instantiates files and other configuration actions +from templates according to the current configuration. Unless the files +and actions are specified as TAGs, all are instantiated by default. + +Usage: $0 [OPTION]... [TAG]... + + -h, --help print this help, then exit + -V, --version print version number and configuration settings, then exit + --config print configuration, then exit + -q, --quiet, --silent + do not print progress messages + -d, --debug don't remove temporary files + --recheck update $as_me by reconfiguring in the same conditions + --file=FILE[:TEMPLATE] + instantiate the configuration file FILE + --header=FILE[:TEMPLATE] + instantiate the configuration header FILE + +Configuration files: +$config_files + +Configuration headers: +$config_headers + +Configuration commands: +$config_commands + +Report bugs to the package provider." + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" +ac_cs_version="\\ +dnsdist config.status 1.7.3 +configured by $0, generated by GNU Autoconf 2.69, + with options \\"\$ac_cs_config\\" + +Copyright (C) 2012 Free Software Foundation, Inc. +This config.status script is free software; the Free Software Foundation +gives unlimited permission to copy, distribute and modify it." + +ac_pwd='$ac_pwd' +srcdir='$srcdir' +INSTALL='$INSTALL' +MKDIR_P='$MKDIR_P' +AWK='$AWK' +test -n "\$AWK" || AWK=awk +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# The default lists apply if the user does not specify any file. +ac_need_defaults=: +while test $# != 0 +do + case $1 in + --*=?*) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg=`expr "X$1" : 'X[^=]*=\(.*\)'` + ac_shift=: + ;; + --*=) + ac_option=`expr "X$1" : 'X\([^=]*\)='` + ac_optarg= + ac_shift=: + ;; + *) + ac_option=$1 + ac_optarg=$2 + ac_shift=shift + ;; + esac + + case $ac_option in + # Handling of the options. + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + ac_cs_recheck=: ;; + --version | --versio | --versi | --vers | --ver | --ve | --v | -V ) + $as_echo "$ac_cs_version"; exit ;; + --config | --confi | --conf | --con | --co | --c ) + $as_echo "$ac_cs_config"; exit ;; + --debug | --debu | --deb | --de | --d | -d ) + debug=: ;; + --file | --fil | --fi | --f ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + '') as_fn_error $? "missing file argument" ;; + esac + as_fn_append CONFIG_FILES " '$ac_optarg'" + ac_need_defaults=false;; + --header | --heade | --head | --hea ) + $ac_shift + case $ac_optarg in + *\'*) ac_optarg=`$as_echo "$ac_optarg" | sed "s/'/'\\\\\\\\''/g"` ;; + esac + as_fn_append CONFIG_HEADERS " '$ac_optarg'" + ac_need_defaults=false;; + --he | --h) + # Conflict between --help and --header + as_fn_error $? "ambiguous option: \`$1' +Try \`$0 --help' for more information.";; + --help | --hel | -h ) + $as_echo "$ac_cs_usage"; exit ;; + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil | --si | --s) + ac_cs_silent=: ;; + + # This is an error. + -*) as_fn_error $? "unrecognized option: \`$1' +Try \`$0 --help' for more information." ;; + + *) as_fn_append ac_config_targets " $1" + ac_need_defaults=false ;; + + esac + shift +done + +ac_configure_extra_args= + +if $ac_cs_silent; then + exec 6>/dev/null + ac_configure_extra_args="$ac_configure_extra_args --silent" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +if \$ac_cs_recheck; then + set X $SHELL '$0' $ac_configure_args \$ac_configure_extra_args --no-create --no-recursion + shift + \$as_echo "running CONFIG_SHELL=$SHELL \$*" >&6 + CONFIG_SHELL='$SHELL' + export CONFIG_SHELL + exec "\$@" +fi + +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +exec 5>>config.log +{ + echo + sed 'h;s/./-/g;s/^.../## /;s/...$/ ##/;p;x;p;x' <<_ASBOX +## Running $as_me. ## +_ASBOX + $as_echo "$ac_log" +} >&5 + +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +# +# INIT-COMMANDS +# +AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}" + + +# The HP-UX ksh and POSIX shell print the target directory to stdout +# if CDPATH is set. +(unset CDPATH) >/dev/null 2>&1 && unset CDPATH + +sed_quote_subst='$sed_quote_subst' +double_quote_subst='$double_quote_subst' +delay_variable_subst='$delay_variable_subst' +macro_version='`$ECHO "$macro_version" | $SED "$delay_single_quote_subst"`' +macro_revision='`$ECHO "$macro_revision" | $SED "$delay_single_quote_subst"`' +enable_static='`$ECHO "$enable_static" | $SED "$delay_single_quote_subst"`' +enable_shared='`$ECHO "$enable_shared" | $SED "$delay_single_quote_subst"`' +pic_mode='`$ECHO "$pic_mode" | $SED "$delay_single_quote_subst"`' +enable_fast_install='`$ECHO "$enable_fast_install" | $SED "$delay_single_quote_subst"`' +shared_archive_member_spec='`$ECHO "$shared_archive_member_spec" | $SED "$delay_single_quote_subst"`' +SHELL='`$ECHO "$SHELL" | $SED "$delay_single_quote_subst"`' +ECHO='`$ECHO "$ECHO" | $SED "$delay_single_quote_subst"`' +PATH_SEPARATOR='`$ECHO "$PATH_SEPARATOR" | $SED "$delay_single_quote_subst"`' +host_alias='`$ECHO "$host_alias" | $SED "$delay_single_quote_subst"`' +host='`$ECHO "$host" | $SED "$delay_single_quote_subst"`' +host_os='`$ECHO "$host_os" | $SED "$delay_single_quote_subst"`' +build_alias='`$ECHO "$build_alias" | $SED "$delay_single_quote_subst"`' +build='`$ECHO "$build" | $SED "$delay_single_quote_subst"`' +build_os='`$ECHO "$build_os" | $SED "$delay_single_quote_subst"`' +SED='`$ECHO "$SED" | $SED "$delay_single_quote_subst"`' +Xsed='`$ECHO "$Xsed" | $SED "$delay_single_quote_subst"`' +GREP='`$ECHO "$GREP" | $SED "$delay_single_quote_subst"`' +EGREP='`$ECHO "$EGREP" | $SED "$delay_single_quote_subst"`' +FGREP='`$ECHO "$FGREP" | $SED "$delay_single_quote_subst"`' +LD='`$ECHO "$LD" | $SED "$delay_single_quote_subst"`' +NM='`$ECHO "$NM" | $SED "$delay_single_quote_subst"`' +LN_S='`$ECHO "$LN_S" | $SED "$delay_single_quote_subst"`' +max_cmd_len='`$ECHO "$max_cmd_len" | $SED "$delay_single_quote_subst"`' +ac_objext='`$ECHO "$ac_objext" | $SED "$delay_single_quote_subst"`' +exeext='`$ECHO "$exeext" | $SED "$delay_single_quote_subst"`' +lt_unset='`$ECHO "$lt_unset" | $SED "$delay_single_quote_subst"`' +lt_SP2NL='`$ECHO "$lt_SP2NL" | $SED "$delay_single_quote_subst"`' +lt_NL2SP='`$ECHO "$lt_NL2SP" | $SED "$delay_single_quote_subst"`' +lt_cv_to_host_file_cmd='`$ECHO "$lt_cv_to_host_file_cmd" | $SED "$delay_single_quote_subst"`' +lt_cv_to_tool_file_cmd='`$ECHO "$lt_cv_to_tool_file_cmd" | $SED "$delay_single_quote_subst"`' +reload_flag='`$ECHO "$reload_flag" | $SED "$delay_single_quote_subst"`' +reload_cmds='`$ECHO "$reload_cmds" | $SED "$delay_single_quote_subst"`' +OBJDUMP='`$ECHO "$OBJDUMP" | $SED "$delay_single_quote_subst"`' +deplibs_check_method='`$ECHO "$deplibs_check_method" | $SED "$delay_single_quote_subst"`' +file_magic_cmd='`$ECHO "$file_magic_cmd" | $SED "$delay_single_quote_subst"`' +file_magic_glob='`$ECHO "$file_magic_glob" | $SED "$delay_single_quote_subst"`' +want_nocaseglob='`$ECHO "$want_nocaseglob" | $SED "$delay_single_quote_subst"`' +DLLTOOL='`$ECHO "$DLLTOOL" | $SED "$delay_single_quote_subst"`' +sharedlib_from_linklib_cmd='`$ECHO "$sharedlib_from_linklib_cmd" | $SED "$delay_single_quote_subst"`' +AR='`$ECHO "$AR" | $SED "$delay_single_quote_subst"`' +AR_FLAGS='`$ECHO "$AR_FLAGS" | $SED "$delay_single_quote_subst"`' +archiver_list_spec='`$ECHO "$archiver_list_spec" | $SED "$delay_single_quote_subst"`' +STRIP='`$ECHO "$STRIP" | $SED "$delay_single_quote_subst"`' +RANLIB='`$ECHO "$RANLIB" | $SED "$delay_single_quote_subst"`' +old_postinstall_cmds='`$ECHO "$old_postinstall_cmds" | $SED "$delay_single_quote_subst"`' +old_postuninstall_cmds='`$ECHO "$old_postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_cmds='`$ECHO "$old_archive_cmds" | $SED "$delay_single_quote_subst"`' +lock_old_archive_extraction='`$ECHO "$lock_old_archive_extraction" | $SED "$delay_single_quote_subst"`' +CC='`$ECHO "$CC" | $SED "$delay_single_quote_subst"`' +CFLAGS='`$ECHO "$CFLAGS" | $SED "$delay_single_quote_subst"`' +compiler='`$ECHO "$compiler" | $SED "$delay_single_quote_subst"`' +GCC='`$ECHO "$GCC" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_pipe='`$ECHO "$lt_cv_sys_global_symbol_pipe" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_cdecl='`$ECHO "$lt_cv_sys_global_symbol_to_cdecl" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_import='`$ECHO "$lt_cv_sys_global_symbol_to_import" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address" | $SED "$delay_single_quote_subst"`' +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix='`$ECHO "$lt_cv_sys_global_symbol_to_c_name_address_lib_prefix" | $SED "$delay_single_quote_subst"`' +lt_cv_nm_interface='`$ECHO "$lt_cv_nm_interface" | $SED "$delay_single_quote_subst"`' +nm_file_list_spec='`$ECHO "$nm_file_list_spec" | $SED "$delay_single_quote_subst"`' +lt_sysroot='`$ECHO "$lt_sysroot" | $SED "$delay_single_quote_subst"`' +lt_cv_truncate_bin='`$ECHO "$lt_cv_truncate_bin" | $SED "$delay_single_quote_subst"`' +objdir='`$ECHO "$objdir" | $SED "$delay_single_quote_subst"`' +MAGIC_CMD='`$ECHO "$MAGIC_CMD" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag='`$ECHO "$lt_prog_compiler_no_builtin_flag" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic='`$ECHO "$lt_prog_compiler_pic" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl='`$ECHO "$lt_prog_compiler_wl" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static='`$ECHO "$lt_prog_compiler_static" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o='`$ECHO "$lt_cv_prog_compiler_c_o" | $SED "$delay_single_quote_subst"`' +need_locks='`$ECHO "$need_locks" | $SED "$delay_single_quote_subst"`' +MANIFEST_TOOL='`$ECHO "$MANIFEST_TOOL" | $SED "$delay_single_quote_subst"`' +DSYMUTIL='`$ECHO "$DSYMUTIL" | $SED "$delay_single_quote_subst"`' +NMEDIT='`$ECHO "$NMEDIT" | $SED "$delay_single_quote_subst"`' +LIPO='`$ECHO "$LIPO" | $SED "$delay_single_quote_subst"`' +OTOOL='`$ECHO "$OTOOL" | $SED "$delay_single_quote_subst"`' +OTOOL64='`$ECHO "$OTOOL64" | $SED "$delay_single_quote_subst"`' +libext='`$ECHO "$libext" | $SED "$delay_single_quote_subst"`' +shrext_cmds='`$ECHO "$shrext_cmds" | $SED "$delay_single_quote_subst"`' +extract_expsyms_cmds='`$ECHO "$extract_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc='`$ECHO "$archive_cmds_need_lc" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes='`$ECHO "$enable_shared_with_static_runtimes" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec='`$ECHO "$export_dynamic_flag_spec" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec='`$ECHO "$whole_archive_flag_spec" | $SED "$delay_single_quote_subst"`' +compiler_needs_object='`$ECHO "$compiler_needs_object" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds='`$ECHO "$old_archive_from_new_cmds" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds='`$ECHO "$old_archive_from_expsyms_cmds" | $SED "$delay_single_quote_subst"`' +archive_cmds='`$ECHO "$archive_cmds" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds='`$ECHO "$archive_expsym_cmds" | $SED "$delay_single_quote_subst"`' +module_cmds='`$ECHO "$module_cmds" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds='`$ECHO "$module_expsym_cmds" | $SED "$delay_single_quote_subst"`' +with_gnu_ld='`$ECHO "$with_gnu_ld" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag='`$ECHO "$allow_undefined_flag" | $SED "$delay_single_quote_subst"`' +no_undefined_flag='`$ECHO "$no_undefined_flag" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec='`$ECHO "$hardcode_libdir_flag_spec" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator='`$ECHO "$hardcode_libdir_separator" | $SED "$delay_single_quote_subst"`' +hardcode_direct='`$ECHO "$hardcode_direct" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute='`$ECHO "$hardcode_direct_absolute" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L='`$ECHO "$hardcode_minus_L" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var='`$ECHO "$hardcode_shlibpath_var" | $SED "$delay_single_quote_subst"`' +hardcode_automatic='`$ECHO "$hardcode_automatic" | $SED "$delay_single_quote_subst"`' +inherit_rpath='`$ECHO "$inherit_rpath" | $SED "$delay_single_quote_subst"`' +link_all_deplibs='`$ECHO "$link_all_deplibs" | $SED "$delay_single_quote_subst"`' +always_export_symbols='`$ECHO "$always_export_symbols" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds='`$ECHO "$export_symbols_cmds" | $SED "$delay_single_quote_subst"`' +exclude_expsyms='`$ECHO "$exclude_expsyms" | $SED "$delay_single_quote_subst"`' +include_expsyms='`$ECHO "$include_expsyms" | $SED "$delay_single_quote_subst"`' +prelink_cmds='`$ECHO "$prelink_cmds" | $SED "$delay_single_quote_subst"`' +postlink_cmds='`$ECHO "$postlink_cmds" | $SED "$delay_single_quote_subst"`' +file_list_spec='`$ECHO "$file_list_spec" | $SED "$delay_single_quote_subst"`' +variables_saved_for_relink='`$ECHO "$variables_saved_for_relink" | $SED "$delay_single_quote_subst"`' +need_lib_prefix='`$ECHO "$need_lib_prefix" | $SED "$delay_single_quote_subst"`' +need_version='`$ECHO "$need_version" | $SED "$delay_single_quote_subst"`' +version_type='`$ECHO "$version_type" | $SED "$delay_single_quote_subst"`' +runpath_var='`$ECHO "$runpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_var='`$ECHO "$shlibpath_var" | $SED "$delay_single_quote_subst"`' +shlibpath_overrides_runpath='`$ECHO "$shlibpath_overrides_runpath" | $SED "$delay_single_quote_subst"`' +libname_spec='`$ECHO "$libname_spec" | $SED "$delay_single_quote_subst"`' +library_names_spec='`$ECHO "$library_names_spec" | $SED "$delay_single_quote_subst"`' +soname_spec='`$ECHO "$soname_spec" | $SED "$delay_single_quote_subst"`' +install_override_mode='`$ECHO "$install_override_mode" | $SED "$delay_single_quote_subst"`' +postinstall_cmds='`$ECHO "$postinstall_cmds" | $SED "$delay_single_quote_subst"`' +postuninstall_cmds='`$ECHO "$postuninstall_cmds" | $SED "$delay_single_quote_subst"`' +finish_cmds='`$ECHO "$finish_cmds" | $SED "$delay_single_quote_subst"`' +finish_eval='`$ECHO "$finish_eval" | $SED "$delay_single_quote_subst"`' +hardcode_into_libs='`$ECHO "$hardcode_into_libs" | $SED "$delay_single_quote_subst"`' +sys_lib_search_path_spec='`$ECHO "$sys_lib_search_path_spec" | $SED "$delay_single_quote_subst"`' +configure_time_dlsearch_path='`$ECHO "$configure_time_dlsearch_path" | $SED "$delay_single_quote_subst"`' +configure_time_lt_sys_library_path='`$ECHO "$configure_time_lt_sys_library_path" | $SED "$delay_single_quote_subst"`' +hardcode_action='`$ECHO "$hardcode_action" | $SED "$delay_single_quote_subst"`' +enable_dlopen='`$ECHO "$enable_dlopen" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self='`$ECHO "$enable_dlopen_self" | $SED "$delay_single_quote_subst"`' +enable_dlopen_self_static='`$ECHO "$enable_dlopen_self_static" | $SED "$delay_single_quote_subst"`' +old_striplib='`$ECHO "$old_striplib" | $SED "$delay_single_quote_subst"`' +striplib='`$ECHO "$striplib" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_dirs='`$ECHO "$compiler_lib_search_dirs" | $SED "$delay_single_quote_subst"`' +predep_objects='`$ECHO "$predep_objects" | $SED "$delay_single_quote_subst"`' +postdep_objects='`$ECHO "$postdep_objects" | $SED "$delay_single_quote_subst"`' +predeps='`$ECHO "$predeps" | $SED "$delay_single_quote_subst"`' +postdeps='`$ECHO "$postdeps" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_path='`$ECHO "$compiler_lib_search_path" | $SED "$delay_single_quote_subst"`' +LD_CXX='`$ECHO "$LD_CXX" | $SED "$delay_single_quote_subst"`' +reload_flag_CXX='`$ECHO "$reload_flag_CXX" | $SED "$delay_single_quote_subst"`' +reload_cmds_CXX='`$ECHO "$reload_cmds_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_cmds_CXX='`$ECHO "$old_archive_cmds_CXX" | $SED "$delay_single_quote_subst"`' +compiler_CXX='`$ECHO "$compiler_CXX" | $SED "$delay_single_quote_subst"`' +GCC_CXX='`$ECHO "$GCC_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_no_builtin_flag_CXX='`$ECHO "$lt_prog_compiler_no_builtin_flag_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_pic_CXX='`$ECHO "$lt_prog_compiler_pic_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_wl_CXX='`$ECHO "$lt_prog_compiler_wl_CXX" | $SED "$delay_single_quote_subst"`' +lt_prog_compiler_static_CXX='`$ECHO "$lt_prog_compiler_static_CXX" | $SED "$delay_single_quote_subst"`' +lt_cv_prog_compiler_c_o_CXX='`$ECHO "$lt_cv_prog_compiler_c_o_CXX" | $SED "$delay_single_quote_subst"`' +archive_cmds_need_lc_CXX='`$ECHO "$archive_cmds_need_lc_CXX" | $SED "$delay_single_quote_subst"`' +enable_shared_with_static_runtimes_CXX='`$ECHO "$enable_shared_with_static_runtimes_CXX" | $SED "$delay_single_quote_subst"`' +export_dynamic_flag_spec_CXX='`$ECHO "$export_dynamic_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +whole_archive_flag_spec_CXX='`$ECHO "$whole_archive_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +compiler_needs_object_CXX='`$ECHO "$compiler_needs_object_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_from_new_cmds_CXX='`$ECHO "$old_archive_from_new_cmds_CXX" | $SED "$delay_single_quote_subst"`' +old_archive_from_expsyms_cmds_CXX='`$ECHO "$old_archive_from_expsyms_cmds_CXX" | $SED "$delay_single_quote_subst"`' +archive_cmds_CXX='`$ECHO "$archive_cmds_CXX" | $SED "$delay_single_quote_subst"`' +archive_expsym_cmds_CXX='`$ECHO "$archive_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`' +module_cmds_CXX='`$ECHO "$module_cmds_CXX" | $SED "$delay_single_quote_subst"`' +module_expsym_cmds_CXX='`$ECHO "$module_expsym_cmds_CXX" | $SED "$delay_single_quote_subst"`' +with_gnu_ld_CXX='`$ECHO "$with_gnu_ld_CXX" | $SED "$delay_single_quote_subst"`' +allow_undefined_flag_CXX='`$ECHO "$allow_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`' +no_undefined_flag_CXX='`$ECHO "$no_undefined_flag_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_flag_spec_CXX='`$ECHO "$hardcode_libdir_flag_spec_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_libdir_separator_CXX='`$ECHO "$hardcode_libdir_separator_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_direct_CXX='`$ECHO "$hardcode_direct_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_direct_absolute_CXX='`$ECHO "$hardcode_direct_absolute_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_minus_L_CXX='`$ECHO "$hardcode_minus_L_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_shlibpath_var_CXX='`$ECHO "$hardcode_shlibpath_var_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_automatic_CXX='`$ECHO "$hardcode_automatic_CXX" | $SED "$delay_single_quote_subst"`' +inherit_rpath_CXX='`$ECHO "$inherit_rpath_CXX" | $SED "$delay_single_quote_subst"`' +link_all_deplibs_CXX='`$ECHO "$link_all_deplibs_CXX" | $SED "$delay_single_quote_subst"`' +always_export_symbols_CXX='`$ECHO "$always_export_symbols_CXX" | $SED "$delay_single_quote_subst"`' +export_symbols_cmds_CXX='`$ECHO "$export_symbols_cmds_CXX" | $SED "$delay_single_quote_subst"`' +exclude_expsyms_CXX='`$ECHO "$exclude_expsyms_CXX" | $SED "$delay_single_quote_subst"`' +include_expsyms_CXX='`$ECHO "$include_expsyms_CXX" | $SED "$delay_single_quote_subst"`' +prelink_cmds_CXX='`$ECHO "$prelink_cmds_CXX" | $SED "$delay_single_quote_subst"`' +postlink_cmds_CXX='`$ECHO "$postlink_cmds_CXX" | $SED "$delay_single_quote_subst"`' +file_list_spec_CXX='`$ECHO "$file_list_spec_CXX" | $SED "$delay_single_quote_subst"`' +hardcode_action_CXX='`$ECHO "$hardcode_action_CXX" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_dirs_CXX='`$ECHO "$compiler_lib_search_dirs_CXX" | $SED "$delay_single_quote_subst"`' +predep_objects_CXX='`$ECHO "$predep_objects_CXX" | $SED "$delay_single_quote_subst"`' +postdep_objects_CXX='`$ECHO "$postdep_objects_CXX" | $SED "$delay_single_quote_subst"`' +predeps_CXX='`$ECHO "$predeps_CXX" | $SED "$delay_single_quote_subst"`' +postdeps_CXX='`$ECHO "$postdeps_CXX" | $SED "$delay_single_quote_subst"`' +compiler_lib_search_path_CXX='`$ECHO "$compiler_lib_search_path_CXX" | $SED "$delay_single_quote_subst"`' + +LTCC='$LTCC' +LTCFLAGS='$LTCFLAGS' +compiler='$compiler_DEFAULT' + +# A function that is used when there is no print builtin or printf. +func_fallback_echo () +{ + eval 'cat <<_LTECHO_EOF +\$1 +_LTECHO_EOF' +} + +# Quote evaled strings. +for var in SHELL \ +ECHO \ +PATH_SEPARATOR \ +SED \ +GREP \ +EGREP \ +FGREP \ +LD \ +NM \ +LN_S \ +lt_SP2NL \ +lt_NL2SP \ +reload_flag \ +OBJDUMP \ +deplibs_check_method \ +file_magic_cmd \ +file_magic_glob \ +want_nocaseglob \ +DLLTOOL \ +sharedlib_from_linklib_cmd \ +AR \ +AR_FLAGS \ +archiver_list_spec \ +STRIP \ +RANLIB \ +CC \ +CFLAGS \ +compiler \ +lt_cv_sys_global_symbol_pipe \ +lt_cv_sys_global_symbol_to_cdecl \ +lt_cv_sys_global_symbol_to_import \ +lt_cv_sys_global_symbol_to_c_name_address \ +lt_cv_sys_global_symbol_to_c_name_address_lib_prefix \ +lt_cv_nm_interface \ +nm_file_list_spec \ +lt_cv_truncate_bin \ +lt_prog_compiler_no_builtin_flag \ +lt_prog_compiler_pic \ +lt_prog_compiler_wl \ +lt_prog_compiler_static \ +lt_cv_prog_compiler_c_o \ +need_locks \ +MANIFEST_TOOL \ +DSYMUTIL \ +NMEDIT \ +LIPO \ +OTOOL \ +OTOOL64 \ +shrext_cmds \ +export_dynamic_flag_spec \ +whole_archive_flag_spec \ +compiler_needs_object \ +with_gnu_ld \ +allow_undefined_flag \ +no_undefined_flag \ +hardcode_libdir_flag_spec \ +hardcode_libdir_separator \ +exclude_expsyms \ +include_expsyms \ +file_list_spec \ +variables_saved_for_relink \ +libname_spec \ +library_names_spec \ +soname_spec \ +install_override_mode \ +finish_eval \ +old_striplib \ +striplib \ +compiler_lib_search_dirs \ +predep_objects \ +postdep_objects \ +predeps \ +postdeps \ +compiler_lib_search_path \ +LD_CXX \ +reload_flag_CXX \ +compiler_CXX \ +lt_prog_compiler_no_builtin_flag_CXX \ +lt_prog_compiler_pic_CXX \ +lt_prog_compiler_wl_CXX \ +lt_prog_compiler_static_CXX \ +lt_cv_prog_compiler_c_o_CXX \ +export_dynamic_flag_spec_CXX \ +whole_archive_flag_spec_CXX \ +compiler_needs_object_CXX \ +with_gnu_ld_CXX \ +allow_undefined_flag_CXX \ +no_undefined_flag_CXX \ +hardcode_libdir_flag_spec_CXX \ +hardcode_libdir_separator_CXX \ +exclude_expsyms_CXX \ +include_expsyms_CXX \ +file_list_spec_CXX \ +compiler_lib_search_dirs_CXX \ +predep_objects_CXX \ +postdep_objects_CXX \ +predeps_CXX \ +postdeps_CXX \ +compiler_lib_search_path_CXX; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED \\"\\\$sed_quote_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +# Double-quote double-evaled strings. +for var in reload_cmds \ +old_postinstall_cmds \ +old_postuninstall_cmds \ +old_archive_cmds \ +extract_expsyms_cmds \ +old_archive_from_new_cmds \ +old_archive_from_expsyms_cmds \ +archive_cmds \ +archive_expsym_cmds \ +module_cmds \ +module_expsym_cmds \ +export_symbols_cmds \ +prelink_cmds \ +postlink_cmds \ +postinstall_cmds \ +postuninstall_cmds \ +finish_cmds \ +sys_lib_search_path_spec \ +configure_time_dlsearch_path \ +configure_time_lt_sys_library_path \ +reload_cmds_CXX \ +old_archive_cmds_CXX \ +old_archive_from_new_cmds_CXX \ +old_archive_from_expsyms_cmds_CXX \ +archive_cmds_CXX \ +archive_expsym_cmds_CXX \ +module_cmds_CXX \ +module_expsym_cmds_CXX \ +export_symbols_cmds_CXX \ +prelink_cmds_CXX \ +postlink_cmds_CXX; do + case \`eval \\\\\$ECHO \\\\""\\\\\$\$var"\\\\"\` in + *[\\\\\\\`\\"\\\$]*) + eval "lt_\$var=\\\\\\"\\\`\\\$ECHO \\"\\\$\$var\\" | \\\$SED -e \\"\\\$double_quote_subst\\" -e \\"\\\$sed_quote_subst\\" -e \\"\\\$delay_variable_subst\\"\\\`\\\\\\"" ## exclude from sc_prohibit_nested_quotes + ;; + *) + eval "lt_\$var=\\\\\\"\\\$\$var\\\\\\"" + ;; + esac +done + +ac_aux_dir='$ac_aux_dir' + +# See if we are running on zsh, and set the options that allow our +# commands through without removal of \ escapes INIT. +if test -n "\${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST +fi + + + PACKAGE='$PACKAGE' + VERSION='$VERSION' + RM='$RM' + ofile='$ofile' + + + + + + +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + +# Handling of arguments. +for ac_config_target in $ac_config_targets +do + case $ac_config_target in + "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; + "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; + "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "ext/yahttp/Makefile") CONFIG_FILES="$CONFIG_FILES ext/yahttp/Makefile" ;; + "ext/yahttp/yahttp/Makefile") CONFIG_FILES="$CONFIG_FILES ext/yahttp/yahttp/Makefile" ;; + "ext/ipcrypt/Makefile") CONFIG_FILES="$CONFIG_FILES ext/ipcrypt/Makefile" ;; + + *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; + esac +done + + +# If the user did not use the arguments to specify the items to instantiate, +# then the envvar interface is used. Set only those that are not. +# We use the long form for the default assignment because of an extremely +# bizarre bug on SunOS 4.1.3. +if $ac_need_defaults; then + test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files + test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands +fi + +# Have a temporary directory for convenience. Make it in the build tree +# simply because there is no reason against having it here, and in addition, +# creating and moving files from /tmp can sometimes cause problems. +# Hook for its removal unless debugging. +# Note that there is a small window in which the directory will not be cleaned: +# after its creation but before its name has been assigned to `$tmp'. +$debug || +{ + tmp= ac_tmp= + trap 'exit_status=$? + : "${ac_tmp:=$tmp}" + { test ! -d "$ac_tmp" || rm -fr "$ac_tmp"; } && exit $exit_status +' 0 + trap 'as_fn_exit 1' 1 2 13 15 +} +# Create a (secure) tmp directory for tmp files. + +{ + tmp=`(umask 077 && mktemp -d "./confXXXXXX") 2>/dev/null` && + test -d "$tmp" +} || +{ + tmp=./conf$$-$RANDOM + (umask 077 && mkdir "$tmp") +} || as_fn_error $? "cannot create a temporary directory in ." "$LINENO" 5 +ac_tmp=$tmp + +# Set up the scripts for CONFIG_FILES section. +# No need to generate them if there are no CONFIG_FILES. +# This happens for instance with `./config.status config.h'. +if test -n "$CONFIG_FILES"; then + + +ac_cr=`echo X | tr X '\015'` +# On cygwin, bash can eat \r inside `` if the user requested igncr. +# But we know of no other shell where ac_cr would be empty at this +# point, so we can use a bashism as a fallback. +if test "x$ac_cr" = x; then + eval ac_cr=\$\'\\r\' +fi +ac_cs_awk_cr=`$AWK 'BEGIN { print "a\rb" }' /dev/null` +if test "$ac_cs_awk_cr" = "a${ac_cr}b"; then + ac_cs_awk_cr='\\r' +else + ac_cs_awk_cr=$ac_cr +fi + +echo 'BEGIN {' >"$ac_tmp/subs1.awk" && +_ACEOF + + +{ + echo "cat >conf$$subs.awk <<_ACEOF" && + echo "$ac_subst_vars" | sed 's/.*/&!$&$ac_delim/' && + echo "_ACEOF" +} >conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 +ac_delim_num=`echo "$ac_subst_vars" | grep -c '^'` +ac_delim='%!_!# ' +for ac_last_try in false false false false false :; do + . ./conf$$subs.sh || + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + + ac_delim_n=`sed -n "s/.*$ac_delim\$/X/p" conf$$subs.awk | grep -c X` + if test $ac_delim_n = $ac_delim_num; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_STATUS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done +rm -f conf$$subs.sh + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +cat >>"\$ac_tmp/subs1.awk" <<\\_ACAWK && +_ACEOF +sed -n ' +h +s/^/S["/; s/!.*/"]=/ +p +g +s/^[^!]*!// +:repl +t repl +s/'"$ac_delim"'$// +t delim +:nl +h +s/\(.\{148\}\)..*/\1/ +t more1 +s/["\\]/\\&/g; s/^/"/; s/$/\\n"\\/ +p +n +b repl +:more1 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t nl +:delim +h +s/\(.\{148\}\)..*/\1/ +t more2 +s/["\\]/\\&/g; s/^/"/; s/$/"/ +p +b +:more2 +s/["\\]/\\&/g; s/^/"/; s/$/"\\/ +p +g +s/.\{148\}// +t delim +' >$CONFIG_STATUS || ac_write_fail=1 +rm -f conf$$subs.awk +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +_ACAWK +cat >>"\$ac_tmp/subs1.awk" <<_ACAWK && + for (key in S) S_is_set[key] = 1 + FS = "" + +} +{ + line = $ 0 + nfields = split(line, field, "@") + substed = 0 + len = length(field[1]) + for (i = 2; i < nfields; i++) { + key = field[i] + keylen = length(key) + if (S_is_set[key]) { + value = S[key] + line = substr(line, 1, len) "" value "" substr(line, len + keylen + 3) + len += length(value) + length(field[++i]) + substed = 1 + } else + len += 1 + keylen + } + + print line +} + +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +if sed "s/$ac_cr//" < /dev/null > /dev/null 2>&1; then + sed "s/$ac_cr\$//; s/$ac_cr/$ac_cs_awk_cr/g" +else + cat +fi < "$ac_tmp/subs1.awk" > "$ac_tmp/subs.awk" \ + || as_fn_error $? "could not setup config files machinery" "$LINENO" 5 +_ACEOF + +# VPATH may cause trouble with some makes, so we remove sole $(srcdir), +# ${srcdir} and @srcdir@ entries from VPATH if srcdir is ".", strip leading and +# trailing colons and then remove the whole line if VPATH becomes empty +# (actually we leave an empty line to preserve line numbers). +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[ ]*/{ +h +s/// +s/^/:/ +s/[ ]*$/:/ +s/:\$(srcdir):/:/g +s/:\${srcdir}:/:/g +s/:@srcdir@:/:/g +s/^:*// +s/:*$// +x +s/\(=[ ]*\).*/\1/ +G +s/\n// +s/^[^=]*=[ ]*$// +}' +fi + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +fi # test -n "$CONFIG_FILES" + +# Set up the scripts for CONFIG_HEADERS section. +# No need to generate them if there are no CONFIG_HEADERS. +# This happens for instance with `./config.status Makefile'. +if test -n "$CONFIG_HEADERS"; then +cat >"$ac_tmp/defines.awk" <<\_ACAWK || +BEGIN { +_ACEOF + +# Transform confdefs.h into an awk script `defines.awk', embedded as +# here-document in config.status, that substitutes the proper values into +# config.h.in to produce config.h. + +# Create a delimiter string that does not exist in confdefs.h, to ease +# handling of long lines. +ac_delim='%!_!# ' +for ac_last_try in false false :; do + ac_tt=`sed -n "/$ac_delim/p" confdefs.h` + if test -z "$ac_tt"; then + break + elif $ac_last_try; then + as_fn_error $? "could not make $CONFIG_HEADERS" "$LINENO" 5 + else + ac_delim="$ac_delim!$ac_delim _$ac_delim!! " + fi +done + +# For the awk script, D is an array of macro values keyed by name, +# likewise P contains macro parameters if any. Preserve backslash +# newline sequences. + +ac_word_re=[_$as_cr_Letters][_$as_cr_alnum]* +sed -n ' +s/.\{148\}/&'"$ac_delim"'/g +t rset +:rset +s/^[ ]*#[ ]*define[ ][ ]*/ / +t def +d +:def +s/\\$// +t bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3"/p +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2"/p +d +:bsnl +s/["\\]/\\&/g +s/^ \('"$ac_word_re"'\)\(([^()]*)\)[ ]*\(.*\)/P["\1"]="\2"\ +D["\1"]=" \3\\\\\\n"\\/p +t cont +s/^ \('"$ac_word_re"'\)[ ]*\(.*\)/D["\1"]=" \2\\\\\\n"\\/p +t cont +d +:cont +n +s/.\{148\}/&'"$ac_delim"'/g +t clear +:clear +s/\\$// +t bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/"/p +d +:bsnlc +s/["\\]/\\&/g; s/^/"/; s/$/\\\\\\n"\\/p +b cont +' >$CONFIG_STATUS || ac_write_fail=1 + +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + for (key in D) D_is_set[key] = 1 + FS = "" +} +/^[\t ]*#[\t ]*(define|undef)[\t ]+$ac_word_re([\t (]|\$)/ { + line = \$ 0 + split(line, arg, " ") + if (arg[1] == "#") { + defundef = arg[2] + mac1 = arg[3] + } else { + defundef = substr(arg[1], 2) + mac1 = arg[2] + } + split(mac1, mac2, "(") #) + macro = mac2[1] + prefix = substr(line, 1, index(line, defundef) - 1) + if (D_is_set[macro]) { + # Preserve the white space surrounding the "#". + print prefix "define", macro P[macro] D[macro] + next + } else { + # Replace #undef with comments. This is necessary, for example, + # in the case of _POSIX_SOURCE, which is predefined and required + # on some systems where configure will not decide to define it. + if (defundef == "undef") { + print "/*", prefix defundef, macro, "*/" + next + } + } +} +{ print } +_ACAWK +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 + as_fn_error $? "could not setup config headers machinery" "$LINENO" 5 +fi # test -n "$CONFIG_HEADERS" + + +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +shift +for ac_tag +do + case $ac_tag in + :[FHLC]) ac_mode=$ac_tag; continue;; + esac + case $ac_mode$ac_tag in + :[FHL]*:*);; + :L* | :C*:*) as_fn_error $? "invalid tag \`$ac_tag'" "$LINENO" 5;; + :[FH]-) ac_tag=-:-;; + :[FH]*) ac_tag=$ac_tag:$ac_tag.in;; + esac + ac_save_IFS=$IFS + IFS=: + set x $ac_tag + IFS=$ac_save_IFS + shift + ac_file=$1 + shift + + case $ac_mode in + :L) ac_source=$1;; + :[FH]) + ac_file_inputs= + for ac_f + do + case $ac_f in + -) ac_f="$ac_tmp/stdin";; + *) # Look for the file first in the build tree, then in the source tree + # (if the path is not absolute). The absolute path cannot be DOS-style, + # because $ac_f cannot contain `:'. + test -f "$ac_f" || + case $ac_f in + [\\/$]*) false;; + *) test -f "$srcdir/$ac_f" && ac_f="$srcdir/$ac_f";; + esac || + as_fn_error 1 "cannot find input file: \`$ac_f'" "$LINENO" 5;; + esac + case $ac_f in *\'*) ac_f=`$as_echo "$ac_f" | sed "s/'/'\\\\\\\\''/g"`;; esac + as_fn_append ac_file_inputs " '$ac_f'" + done + + # Let's still pretend it is `configure' which instantiates (i.e., don't + # use $as_me), people would be surprised to read: + # /* config.h. Generated by config.status. */ + configure_input='Generated from '` + $as_echo "$*" | sed 's|^[^:]*/||;s|:[^:]*/|, |g' + `' by configure.' + if test x"$ac_file" != x-; then + configure_input="$ac_file. $configure_input" + { $as_echo "$as_me:${as_lineno-$LINENO}: creating $ac_file" >&5 +$as_echo "$as_me: creating $ac_file" >&6;} + fi + # Neutralize special characters interpreted by sed in replacement strings. + case $configure_input in #( + *\&* | *\|* | *\\* ) + ac_sed_conf_input=`$as_echo "$configure_input" | + sed 's/[\\\\&|]/\\\\&/g'`;; #( + *) ac_sed_conf_input=$configure_input;; + esac + + case $ac_tag in + *:-:* | *:-) cat >"$ac_tmp/stdin" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 ;; + esac + ;; + esac + + ac_dir=`$as_dirname -- "$ac_file" || +$as_expr X"$ac_file" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$ac_file" : 'X\(//\)[^/]' \| \ + X"$ac_file" : 'X\(//\)$' \| \ + X"$ac_file" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$ac_file" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + as_dir="$ac_dir"; as_fn_mkdir_p + ac_builddir=. + +case "$ac_dir" in +.) ac_dir_suffix= ac_top_builddir_sub=. ac_top_build_prefix= ;; +*) + ac_dir_suffix=/`$as_echo "$ac_dir" | sed 's|^\.[\\/]||'` + # A ".." for each directory in $ac_dir_suffix. + ac_top_builddir_sub=`$as_echo "$ac_dir_suffix" | sed 's|/[^\\/]*|/..|g;s|/||'` + case $ac_top_builddir_sub in + "") ac_top_builddir_sub=. ac_top_build_prefix= ;; + *) ac_top_build_prefix=$ac_top_builddir_sub/ ;; + esac ;; +esac +ac_abs_top_builddir=$ac_pwd +ac_abs_builddir=$ac_pwd$ac_dir_suffix +# for backward compatibility: +ac_top_builddir=$ac_top_build_prefix + +case $srcdir in + .) # We are building in place. + ac_srcdir=. + ac_top_srcdir=$ac_top_builddir_sub + ac_abs_top_srcdir=$ac_pwd ;; + [\\/]* | ?:[\\/]* ) # Absolute name. + ac_srcdir=$srcdir$ac_dir_suffix; + ac_top_srcdir=$srcdir + ac_abs_top_srcdir=$srcdir ;; + *) # Relative name. + ac_srcdir=$ac_top_build_prefix$srcdir$ac_dir_suffix + ac_top_srcdir=$ac_top_build_prefix$srcdir + ac_abs_top_srcdir=$ac_pwd/$srcdir ;; +esac +ac_abs_srcdir=$ac_abs_top_srcdir$ac_dir_suffix + + + case $ac_mode in + :F) + # + # CONFIG_FILE + # + + case $INSTALL in + [\\/$]* | ?:[\\/]* ) ac_INSTALL=$INSTALL ;; + *) ac_INSTALL=$ac_top_build_prefix$INSTALL ;; + esac + ac_MKDIR_P=$MKDIR_P + case $MKDIR_P in + [\\/$]* | ?:[\\/]* ) ;; + */*) ac_MKDIR_P=$ac_top_build_prefix$MKDIR_P ;; + esac +_ACEOF + +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +# If the template does not know about datarootdir, expand it. +# FIXME: This hack should be removed a few years after 2.60. +ac_datarootdir_hack=; ac_datarootdir_seen= +ac_sed_dataroot=' +/datarootdir/ { + p + q +} +/@datadir@/p +/@docdir@/p +/@infodir@/p +/@localedir@/p +/@mandir@/p' +case `eval "sed -n \"\$ac_sed_dataroot\" $ac_file_inputs"` in +*datarootdir*) ac_datarootdir_seen=yes;; +*@datadir@*|*@docdir@*|*@infodir@*|*@localedir@*|*@mandir@*) + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&5 +$as_echo "$as_me: WARNING: $ac_file_inputs seems to ignore the --datarootdir setting" >&2;} +_ACEOF +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 + ac_datarootdir_hack=' + s&@datadir@&$datadir&g + s&@docdir@&$docdir&g + s&@infodir@&$infodir&g + s&@localedir@&$localedir&g + s&@mandir@&$mandir&g + s&\\\${datarootdir}&$datarootdir&g' ;; +esac +_ACEOF + +# Neutralize VPATH when `$srcdir' = `.'. +# Shell code in configure.ac might set extrasub. +# FIXME: do we really want to maintain this feature? +cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 +ac_sed_extra="$ac_vpsub +$extrasub +_ACEOF +cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 +:t +/@[a-zA-Z_][a-zA-Z_0-9]*@/!b +s|@configure_input@|$ac_sed_conf_input|;t t +s&@top_builddir@&$ac_top_builddir_sub&;t t +s&@top_build_prefix@&$ac_top_build_prefix&;t t +s&@srcdir@&$ac_srcdir&;t t +s&@abs_srcdir@&$ac_abs_srcdir&;t t +s&@top_srcdir@&$ac_top_srcdir&;t t +s&@abs_top_srcdir@&$ac_abs_top_srcdir&;t t +s&@builddir@&$ac_builddir&;t t +s&@abs_builddir@&$ac_abs_builddir&;t t +s&@abs_top_builddir@&$ac_abs_top_builddir&;t t +s&@INSTALL@&$ac_INSTALL&;t t +s&@MKDIR_P@&$ac_MKDIR_P&;t t +$ac_datarootdir_hack +" +eval sed \"\$ac_sed_extra\" "$ac_file_inputs" | $AWK -f "$ac_tmp/subs.awk" \ + >$ac_tmp/out || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + +test -z "$ac_datarootdir_hack$ac_datarootdir_seen" && + { ac_out=`sed -n '/\${datarootdir}/p' "$ac_tmp/out"`; test -n "$ac_out"; } && + { ac_out=`sed -n '/^[ ]*datarootdir[ ]*:*=/p' \ + "$ac_tmp/out"`; test -z "$ac_out"; } && + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&5 +$as_echo "$as_me: WARNING: $ac_file contains a reference to the variable \`datarootdir' +which seems to be undefined. Please make sure it is defined" >&2;} + + rm -f "$ac_tmp/stdin" + case $ac_file in + -) cat "$ac_tmp/out" && rm -f "$ac_tmp/out";; + *) rm -f "$ac_file" && mv "$ac_tmp/out" "$ac_file";; + esac \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + ;; + :H) + # + # CONFIG_HEADER + # + if test x"$ac_file" != x-; then + { + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" + } >"$ac_tmp/config.h" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + if diff "$ac_file" "$ac_tmp/config.h" >/dev/null 2>&1; then + { $as_echo "$as_me:${as_lineno-$LINENO}: $ac_file is unchanged" >&5 +$as_echo "$as_me: $ac_file is unchanged" >&6;} + else + rm -f "$ac_file" + mv "$ac_tmp/config.h" "$ac_file" \ + || as_fn_error $? "could not create $ac_file" "$LINENO" 5 + fi + else + $as_echo "/* $configure_input */" \ + && eval '$AWK -f "$ac_tmp/defines.awk"' "$ac_file_inputs" \ + || as_fn_error $? "could not create -" "$LINENO" 5 + fi +# Compute "$ac_file"'s index in $config_headers. +_am_arg="$ac_file" +_am_stamp_count=1 +for _am_header in $config_headers :; do + case $_am_header in + $_am_arg | $_am_arg:* ) + break ;; + * ) + _am_stamp_count=`expr $_am_stamp_count + 1` ;; + esac +done +echo "timestamp for $_am_arg" >`$as_dirname -- "$_am_arg" || +$as_expr X"$_am_arg" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$_am_arg" : 'X\(//\)[^/]' \| \ + X"$_am_arg" : 'X\(//\)$' \| \ + X"$_am_arg" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$_am_arg" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'`/stamp-h$_am_stamp_count + ;; + + :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 +$as_echo "$as_me: executing $ac_file commands" >&6;} + ;; + esac + + + case $ac_file$ac_mode in + "depfiles":C) test x"$AMDEP_TRUE" != x"" || { + # Older Autoconf quotes --file arguments for eval, but not when files + # are listed without --file. Let's play safe and only enable the eval + # if we detect the quoting. + # TODO: see whether this extra hack can be removed once we start + # requiring Autoconf 2.70 or later. + case $CONFIG_FILES in #( + *\'*) : + eval set x "$CONFIG_FILES" ;; #( + *) : + set x $CONFIG_FILES ;; #( + *) : + ;; +esac + shift + # Used to flag and report bootstrapping failures. + am_rc=0 + for am_mf + do + # Strip MF so we end up with the name of the file. + am_mf=`$as_echo "$am_mf" | sed -e 's/:.*$//'` + # Check whether this is an Automake generated Makefile which includes + # dependency-tracking related rules and includes. + # Grep'ing the whole file directly is not great: AIX grep has a line + # limit of 2048, but all sed's we know have understand at least 4000. + sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ + || continue + am_dirpart=`$as_dirname -- "$am_mf" || +$as_expr X"$am_mf" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$am_mf" : 'X\(//\)[^/]' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X"$am_mf" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + am_filepart=`$as_basename -- "$am_mf" || +$as_expr X/"$am_mf" : '.*/\([^/][^/]*\)/*$' \| \ + X"$am_mf" : 'X\(//\)$' \| \ + X"$am_mf" : 'X\(/\)' \| . 2>/dev/null || +$as_echo X/"$am_mf" | + sed '/^.*\/\([^/][^/]*\)\/*$/{ + s//\1/ + q + } + /^X\/\(\/\/\)$/{ + s//\1/ + q + } + /^X\/\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q'` + { echo "$as_me:$LINENO: cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles" >&5 + (cd "$am_dirpart" \ + && sed -e '/# am--include-marker/d' "$am_filepart" \ + | $MAKE -f - am--depfiles) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } || am_rc=$? + done + if test $am_rc -ne 0; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "Something went wrong bootstrapping makefile fragments + for automatic dependency tracking. Try re-running configure with the + '--disable-dependency-tracking' option to at least be able to build + the package (albeit without support for automatic dependency tracking). +See \`config.log' for more details" "$LINENO" 5; } + fi + { am_dirpart=; unset am_dirpart;} + { am_filepart=; unset am_filepart;} + { am_mf=; unset am_mf;} + { am_rc=; unset am_rc;} + rm -f conftest-deps.mk +} + ;; + "libtool":C) + + # See if we are running on zsh, and set the options that allow our + # commands through without removal of \ escapes. + if test -n "${ZSH_VERSION+set}"; then + setopt NO_GLOB_SUBST + fi + + cfgfile=${ofile}T + trap "$RM \"$cfgfile\"; exit 1" 1 2 15 + $RM "$cfgfile" + + cat <<_LT_EOF >> "$cfgfile" +#! $SHELL +# Generated automatically by $as_me ($PACKAGE) $VERSION +# Libtool was configured on host `(hostname || uname -n) 2>/dev/null | sed 1q`: +# NOTE: Changes made to this file will be lost: look at ltmain.sh. + +# Provide generalized library-building support services. +# Written by Gordon Matzigkeit, 1996 + +# Copyright (C) 2014 Free Software Foundation, Inc. +# This is free software; see the source for copying conditions. There is NO +# warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + +# GNU Libtool is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of of the License, or +# (at your option) any later version. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program or library that is built +# using GNU Libtool, you may include this file under the same +# distribution terms that you use for the rest of that program. +# +# GNU Libtool is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + + +# The names of the tagged configurations supported by this script. +available_tags='CXX ' + +# Configured defaults for sys_lib_dlsearch_path munging. +: \${LT_SYS_LIBRARY_PATH="$configure_time_lt_sys_library_path"} + +# ### BEGIN LIBTOOL CONFIG + +# Which release of libtool.m4 was used? +macro_version=$macro_version +macro_revision=$macro_revision + +# Whether or not to build static libraries. +build_old_libs=$enable_static + +# Whether or not to build shared libraries. +build_libtool_libs=$enable_shared + +# What type of objects to build. +pic_mode=$pic_mode + +# Whether or not to optimize for fast installation. +fast_install=$enable_fast_install + +# Shared archive member basename,for filename based shared library versioning on AIX. +shared_archive_member_spec=$shared_archive_member_spec + +# Shell to use when invoking shell scripts. +SHELL=$lt_SHELL + +# An echo program that protects backslashes. +ECHO=$lt_ECHO + +# The PATH separator for the build system. +PATH_SEPARATOR=$lt_PATH_SEPARATOR + +# The host system. +host_alias=$host_alias +host=$host +host_os=$host_os + +# The build system. +build_alias=$build_alias +build=$build +build_os=$build_os + +# A sed program that does not truncate output. +SED=$lt_SED + +# Sed that helps us avoid accidentally triggering echo(1) options like -n. +Xsed="\$SED -e 1s/^X//" + +# A grep program that handles long lines. +GREP=$lt_GREP + +# An ERE matcher. +EGREP=$lt_EGREP + +# A literal string matcher. +FGREP=$lt_FGREP + +# A BSD- or MS-compatible name lister. +NM=$lt_NM + +# Whether we need soft or hard links. +LN_S=$lt_LN_S + +# What is the maximum length of a command? +max_cmd_len=$max_cmd_len + +# Object file suffix (normally "o"). +objext=$ac_objext + +# Executable file suffix (normally ""). +exeext=$exeext + +# whether the shell understands "unset". +lt_unset=$lt_unset + +# turn spaces into newlines. +SP2NL=$lt_lt_SP2NL + +# turn newlines into spaces. +NL2SP=$lt_lt_NL2SP + +# convert \$build file names to \$host format. +to_host_file_cmd=$lt_cv_to_host_file_cmd + +# convert \$build files to toolchain format. +to_tool_file_cmd=$lt_cv_to_tool_file_cmd + +# An object symbol dumper. +OBJDUMP=$lt_OBJDUMP + +# Method to check whether dependent libraries are shared objects. +deplibs_check_method=$lt_deplibs_check_method + +# Command to use when deplibs_check_method = "file_magic". +file_magic_cmd=$lt_file_magic_cmd + +# How to find potential files when deplibs_check_method = "file_magic". +file_magic_glob=$lt_file_magic_glob + +# Find potential files using nocaseglob when deplibs_check_method = "file_magic". +want_nocaseglob=$lt_want_nocaseglob + +# DLL creation program. +DLLTOOL=$lt_DLLTOOL + +# Command to associate shared and link libraries. +sharedlib_from_linklib_cmd=$lt_sharedlib_from_linklib_cmd + +# The archiver. +AR=$lt_AR + +# Flags to create an archive. +AR_FLAGS=$lt_AR_FLAGS + +# How to feed a file listing to the archiver. +archiver_list_spec=$lt_archiver_list_spec + +# A symbol stripping program. +STRIP=$lt_STRIP + +# Commands used to install an old-style archive. +RANLIB=$lt_RANLIB +old_postinstall_cmds=$lt_old_postinstall_cmds +old_postuninstall_cmds=$lt_old_postuninstall_cmds + +# Whether to use a lock for old archive extraction. +lock_old_archive_extraction=$lock_old_archive_extraction + +# A C compiler. +LTCC=$lt_CC + +# LTCC compiler flags. +LTCFLAGS=$lt_CFLAGS + +# Take the output of nm and produce a listing of raw symbols and C names. +global_symbol_pipe=$lt_lt_cv_sys_global_symbol_pipe + +# Transform the output of nm in a proper C declaration. +global_symbol_to_cdecl=$lt_lt_cv_sys_global_symbol_to_cdecl + +# Transform the output of nm into a list of symbols to manually relocate. +global_symbol_to_import=$lt_lt_cv_sys_global_symbol_to_import + +# Transform the output of nm in a C name address pair. +global_symbol_to_c_name_address=$lt_lt_cv_sys_global_symbol_to_c_name_address + +# Transform the output of nm in a C name address pair when lib prefix is needed. +global_symbol_to_c_name_address_lib_prefix=$lt_lt_cv_sys_global_symbol_to_c_name_address_lib_prefix + +# The name lister interface. +nm_interface=$lt_lt_cv_nm_interface + +# Specify filename containing input files for \$NM. +nm_file_list_spec=$lt_nm_file_list_spec + +# The root where to search for dependent libraries,and where our libraries should be installed. +lt_sysroot=$lt_sysroot + +# Command to truncate a binary pipe. +lt_truncate_bin=$lt_lt_cv_truncate_bin + +# The name of the directory that contains temporary libtool files. +objdir=$objdir + +# Used to examine libraries when file_magic_cmd begins with "file". +MAGIC_CMD=$MAGIC_CMD + +# Must we lock files when doing compilation? +need_locks=$lt_need_locks + +# Manifest tool. +MANIFEST_TOOL=$lt_MANIFEST_TOOL + +# Tool to manipulate archived DWARF debug symbol files on Mac OS X. +DSYMUTIL=$lt_DSYMUTIL + +# Tool to change global to local symbols on Mac OS X. +NMEDIT=$lt_NMEDIT + +# Tool to manipulate fat objects and archives on Mac OS X. +LIPO=$lt_LIPO + +# ldd/readelf like tool for Mach-O binaries on Mac OS X. +OTOOL=$lt_OTOOL + +# ldd/readelf like tool for 64 bit Mach-O binaries on Mac OS X 10.4. +OTOOL64=$lt_OTOOL64 + +# Old archive suffix (normally "a"). +libext=$libext + +# Shared library suffix (normally ".so"). +shrext_cmds=$lt_shrext_cmds + +# The commands to extract the exported symbol list from a shared archive. +extract_expsyms_cmds=$lt_extract_expsyms_cmds + +# Variables whose values should be saved in libtool wrapper scripts and +# restored at link time. +variables_saved_for_relink=$lt_variables_saved_for_relink + +# Do we need the "lib" prefix for modules? +need_lib_prefix=$need_lib_prefix + +# Do we need a version for libraries? +need_version=$need_version + +# Library versioning type. +version_type=$version_type + +# Shared library runtime path variable. +runpath_var=$runpath_var + +# Shared library path variable. +shlibpath_var=$shlibpath_var + +# Is shlibpath searched before the hard-coded library search path? +shlibpath_overrides_runpath=$shlibpath_overrides_runpath + +# Format of library name prefix. +libname_spec=$lt_libname_spec + +# List of archive names. First name is the real one, the rest are links. +# The last name is the one that the linker finds with -lNAME +library_names_spec=$lt_library_names_spec + +# The coded name of the library, if different from the real name. +soname_spec=$lt_soname_spec + +# Permission mode override for installation of shared libraries. +install_override_mode=$lt_install_override_mode + +# Command to use after installation of a shared archive. +postinstall_cmds=$lt_postinstall_cmds + +# Command to use after uninstallation of a shared archive. +postuninstall_cmds=$lt_postuninstall_cmds + +# Commands used to finish a libtool library installation in a directory. +finish_cmds=$lt_finish_cmds + +# As "finish_cmds", except a single script fragment to be evaled but +# not shown. +finish_eval=$lt_finish_eval + +# Whether we should hardcode library paths into libraries. +hardcode_into_libs=$hardcode_into_libs + +# Compile-time system search path for libraries. +sys_lib_search_path_spec=$lt_sys_lib_search_path_spec + +# Detected run-time system search path for libraries. +sys_lib_dlsearch_path_spec=$lt_configure_time_dlsearch_path + +# Explicit LT_SYS_LIBRARY_PATH set during ./configure time. +configure_time_lt_sys_library_path=$lt_configure_time_lt_sys_library_path + +# Whether dlopen is supported. +dlopen_support=$enable_dlopen + +# Whether dlopen of programs is supported. +dlopen_self=$enable_dlopen_self + +# Whether dlopen of statically linked programs is supported. +dlopen_self_static=$enable_dlopen_self_static + +# Commands to strip libraries. +old_striplib=$lt_old_striplib +striplib=$lt_striplib + + +# The linker used to build libraries. +LD=$lt_LD + +# How to create reloadable object files. +reload_flag=$lt_reload_flag +reload_cmds=$lt_reload_cmds + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds + +# A language specific compiler. +CC=$lt_compiler + +# Is the compiler the GNU compiler? +with_gcc=$GCC + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds +archive_expsym_cmds=$lt_archive_expsym_cmds + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds +module_expsym_cmds=$lt_module_expsym_cmds + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects +postdep_objects=$lt_postdep_objects +predeps=$lt_predeps +postdeps=$lt_postdeps + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path + +# ### END LIBTOOL CONFIG + +_LT_EOF + + cat <<'_LT_EOF' >> "$cfgfile" + +# ### BEGIN FUNCTIONS SHARED WITH CONFIGURE + +# func_munge_path_list VARIABLE PATH +# ----------------------------------- +# VARIABLE is name of variable containing _space_ separated list of +# directories to be munged by the contents of PATH, which is string +# having a format: +# "DIR[:DIR]:" +# string "DIR[ DIR]" will be prepended to VARIABLE +# ":DIR[:DIR]" +# string "DIR[ DIR]" will be appended to VARIABLE +# "DIRP[:DIRP]::[DIRA:]DIRA" +# string "DIRP[ DIRP]" will be prepended to VARIABLE and string +# "DIRA[ DIRA]" will be appended to VARIABLE +# "DIR[:DIR]" +# VARIABLE will be replaced by "DIR[ DIR]" +func_munge_path_list () +{ + case x$2 in + x) + ;; + *:) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'` \$$1\" + ;; + x:*) + eval $1=\"\$$1 `$ECHO $2 | $SED 's/:/ /g'`\" + ;; + *::*) + eval $1=\"\$$1\ `$ECHO $2 | $SED -e 's/.*:://' -e 's/:/ /g'`\" + eval $1=\"`$ECHO $2 | $SED -e 's/::.*//' -e 's/:/ /g'`\ \$$1\" + ;; + *) + eval $1=\"`$ECHO $2 | $SED 's/:/ /g'`\" + ;; + esac +} + + +# Calculate cc_basename. Skip known compiler wrappers and cross-prefix. +func_cc_basename () +{ + for cc_temp in $*""; do + case $cc_temp in + compile | *[\\/]compile | ccache | *[\\/]ccache ) ;; + distcc | *[\\/]distcc | purify | *[\\/]purify ) ;; + \-*) ;; + *) break;; + esac + done + func_cc_basename_result=`$ECHO "$cc_temp" | $SED "s%.*/%%; s%^$host_alias-%%"` +} + + +# ### END FUNCTIONS SHARED WITH CONFIGURE + +_LT_EOF + + case $host_os in + aix3*) + cat <<\_LT_EOF >> "$cfgfile" +# AIX sometimes has problems with the GCC collect2 program. For some +# reason, if we set the COLLECT_NAMES environment variable, the problems +# vanish in a puff of smoke. +if test set != "${COLLECT_NAMES+set}"; then + COLLECT_NAMES= + export COLLECT_NAMES +fi +_LT_EOF + ;; + esac + + +ltmain=$ac_aux_dir/ltmain.sh + + + # We use sed instead of cat because bash on DJGPP gets confused if + # if finds mixed CR/LF and LF-only lines. Since sed operates in + # text mode, it properly converts lines to CR/LF. This bash problem + # is reportedly fixed, but why not run on old versions too? + sed '$q' "$ltmain" >> "$cfgfile" \ + || (rm -f "$cfgfile"; exit 1) + + mv -f "$cfgfile" "$ofile" || + (rm -f "$ofile" && cp "$cfgfile" "$ofile" && rm -f "$cfgfile") + chmod +x "$ofile" + + + cat <<_LT_EOF >> "$ofile" + +# ### BEGIN LIBTOOL TAG CONFIG: CXX + +# The linker used to build libraries. +LD=$lt_LD_CXX + +# How to create reloadable object files. +reload_flag=$lt_reload_flag_CXX +reload_cmds=$lt_reload_cmds_CXX + +# Commands used to build an old-style archive. +old_archive_cmds=$lt_old_archive_cmds_CXX + +# A language specific compiler. +CC=$lt_compiler_CXX + +# Is the compiler the GNU compiler? +with_gcc=$GCC_CXX + +# Compiler flag to turn off builtin functions. +no_builtin_flag=$lt_lt_prog_compiler_no_builtin_flag_CXX + +# Additional compiler flags for building library objects. +pic_flag=$lt_lt_prog_compiler_pic_CXX + +# How to pass a linker flag through the compiler. +wl=$lt_lt_prog_compiler_wl_CXX + +# Compiler flag to prevent dynamic linking. +link_static_flag=$lt_lt_prog_compiler_static_CXX + +# Does compiler simultaneously support -c and -o options? +compiler_c_o=$lt_lt_cv_prog_compiler_c_o_CXX + +# Whether or not to add -lc for building shared libraries. +build_libtool_need_lc=$archive_cmds_need_lc_CXX + +# Whether or not to disallow shared libs when runtime libs are static. +allow_libtool_libs_with_static_runtimes=$enable_shared_with_static_runtimes_CXX + +# Compiler flag to allow reflexive dlopens. +export_dynamic_flag_spec=$lt_export_dynamic_flag_spec_CXX + +# Compiler flag to generate shared objects directly from archives. +whole_archive_flag_spec=$lt_whole_archive_flag_spec_CXX + +# Whether the compiler copes with passing no objects directly. +compiler_needs_object=$lt_compiler_needs_object_CXX + +# Create an old-style archive from a shared archive. +old_archive_from_new_cmds=$lt_old_archive_from_new_cmds_CXX + +# Create a temporary old-style archive to link instead of a shared archive. +old_archive_from_expsyms_cmds=$lt_old_archive_from_expsyms_cmds_CXX + +# Commands used to build a shared archive. +archive_cmds=$lt_archive_cmds_CXX +archive_expsym_cmds=$lt_archive_expsym_cmds_CXX + +# Commands used to build a loadable module if different from building +# a shared archive. +module_cmds=$lt_module_cmds_CXX +module_expsym_cmds=$lt_module_expsym_cmds_CXX + +# Whether we are building with GNU ld or not. +with_gnu_ld=$lt_with_gnu_ld_CXX + +# Flag that allows shared libraries with undefined symbols to be built. +allow_undefined_flag=$lt_allow_undefined_flag_CXX + +# Flag that enforces no undefined symbols. +no_undefined_flag=$lt_no_undefined_flag_CXX + +# Flag to hardcode \$libdir into a binary during linking. +# This must work even if \$libdir does not exist +hardcode_libdir_flag_spec=$lt_hardcode_libdir_flag_spec_CXX + +# Whether we need a single "-rpath" flag with a separated argument. +hardcode_libdir_separator=$lt_hardcode_libdir_separator_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary. +hardcode_direct=$hardcode_direct_CXX + +# Set to "yes" if using DIR/libNAME\$shared_ext during linking hardcodes +# DIR into the resulting binary and the resulting library dependency is +# "absolute",i.e impossible to change by setting \$shlibpath_var if the +# library is relocated. +hardcode_direct_absolute=$hardcode_direct_absolute_CXX + +# Set to "yes" if using the -LDIR flag during linking hardcodes DIR +# into the resulting binary. +hardcode_minus_L=$hardcode_minus_L_CXX + +# Set to "yes" if using SHLIBPATH_VAR=DIR during linking hardcodes DIR +# into the resulting binary. +hardcode_shlibpath_var=$hardcode_shlibpath_var_CXX + +# Set to "yes" if building a shared library automatically hardcodes DIR +# into the library and all subsequent libraries and executables linked +# against it. +hardcode_automatic=$hardcode_automatic_CXX + +# Set to yes if linker adds runtime paths of dependent libraries +# to runtime path list. +inherit_rpath=$inherit_rpath_CXX + +# Whether libtool must link a program against all its dependency libraries. +link_all_deplibs=$link_all_deplibs_CXX + +# Set to "yes" if exported symbols are required. +always_export_symbols=$always_export_symbols_CXX + +# The commands to list exported symbols. +export_symbols_cmds=$lt_export_symbols_cmds_CXX + +# Symbols that should not be listed in the preloaded symbols. +exclude_expsyms=$lt_exclude_expsyms_CXX + +# Symbols that must always be exported. +include_expsyms=$lt_include_expsyms_CXX + +# Commands necessary for linking programs (against libraries) with templates. +prelink_cmds=$lt_prelink_cmds_CXX + +# Commands necessary for finishing linking programs. +postlink_cmds=$lt_postlink_cmds_CXX + +# Specify filename containing input files. +file_list_spec=$lt_file_list_spec_CXX + +# How to hardcode a shared library path into an executable. +hardcode_action=$hardcode_action_CXX + +# The directories searched by this compiler when creating a shared library. +compiler_lib_search_dirs=$lt_compiler_lib_search_dirs_CXX + +# Dependencies to place before and after the objects being linked to +# create a shared library. +predep_objects=$lt_predep_objects_CXX +postdep_objects=$lt_postdep_objects_CXX +predeps=$lt_predeps_CXX +postdeps=$lt_postdeps_CXX + +# The library search path used internally by the compiler when linking +# a shared library. +compiler_lib_search_path=$lt_compiler_lib_search_path_CXX + +# ### END LIBTOOL TAG CONFIG: CXX +_LT_EOF + + ;; + + esac +done # for ac_tag + + +as_fn_exit 0 +_ACEOF +ac_clean_files=$ac_clean_files_save + +test $ac_write_fail = 0 || + as_fn_error $? "write failure creating $CONFIG_STATUS" "$LINENO" 5 + + +# configure is writing to config.log, and then calls config.status. +# config.status does its own redirection, appending to config.log. +# Unfortunately, on DOS this fails, as config.log is still kept open +# by configure, so config.status won't be able to write to it; its +# output is simply discarded. So we exec the FD to /dev/null, +# effectively closing config.log, so it can be properly (re)opened and +# appended to by config.status. When coming back to configure, we +# need to make the FD available again. +if test "$no_create" != yes; then + ac_cs_success=: + ac_config_status_args= + test "$silent" = yes && + ac_config_status_args="$ac_config_status_args --quiet" + exec 5>/dev/null + $SHELL $CONFIG_STATUS $ac_config_status_args || ac_cs_success=false + exec 5>>config.log + # Use ||, not &&, to avoid exiting from the if with $? = 1, which + # would make configure fail if this is the last instruction. + $ac_cs_success || as_fn_exit 1 +fi +if test -n "$ac_unrecognized_opts" && test "$enable_option_checking" != no; then + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: unrecognized options: $ac_unrecognized_opts" >&5 +$as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} +fi + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: " >&5 +$as_echo "$as_me: " >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: Configuration summary" >&5 +$as_echo "$as_me: Configuration summary" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: =====================" >&5 +$as_echo "$as_me: =====================" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: " >&5 +$as_echo "$as_me: " >&6;} +if test "x$ac_configure_args" != "x"; then : + summary_conf_opts=$ac_configure_args +else + summary_conf_opts="(no options)" + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: dnsdist configured with: $summary_conf_opts" >&5 +$as_echo "$as_me: dnsdist configured with: $summary_conf_opts" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: " >&5 +$as_echo "$as_me: " >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: CC: $CC" >&5 +$as_echo "$as_me: CC: $CC" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: CXX: $CXX" >&5 +$as_echo "$as_me: CXX: $CXX" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: LD: $LD" >&5 +$as_echo "$as_me: LD: $LD" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: CFLAGS: $CFLAGS" >&5 +$as_echo "$as_me: CFLAGS: $CFLAGS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: CPPFLAGS: $CPPFLAGS" >&5 +$as_echo "$as_me: CPPFLAGS: $CPPFLAGS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: CXXFLAGS: $CXXFLAGS" >&5 +$as_echo "$as_me: CXXFLAGS: $CXXFLAGS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: LDFLAGS: $LDFLAGS" >&5 +$as_echo "$as_me: LDFLAGS: $LDFLAGS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: LIBS: $LIBS" >&5 +$as_echo "$as_me: LIBS: $LIBS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: BOOST_CPPFLAGS: $BOOST_CPPFLAGS" >&5 +$as_echo "$as_me: BOOST_CPPFLAGS: $BOOST_CPPFLAGS" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: " >&5 +$as_echo "$as_me: " >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: Features enabled" >&5 +$as_echo "$as_me: Features enabled" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: ----------------" >&5 +$as_echo "$as_me: ----------------" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: Lua: $LUAPC" >&5 +$as_echo "$as_me: Lua: $LUAPC" >&6;} +{ $as_echo "$as_me:${as_lineno-$LINENO}: Protobuf: yes" >&5 +$as_echo "$as_me: Protobuf: yes" >&6;} +if test "x$systemd" != "xn"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: systemd: yes" >&5 +$as_echo "$as_me: systemd: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: systemd: no" >&5 +$as_echo "$as_me: systemd: no" >&6;} + +fi +if test "x$LIBCRYPTO_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: ipcipher: yes" >&5 +$as_echo "$as_me: ipcipher: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: ipcipher: no" >&5 +$as_echo "$as_me: ipcipher: no" >&6;} + +fi +if test "x$LIBSODIUM_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: libsodium: yes" >&5 +$as_echo "$as_me: libsodium: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: libsodium: no" >&5 +$as_echo "$as_me: libsodium: no" >&6;} + +fi +if test "x$enable_dnscrypt" != "xno"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: DNSCrypt: yes" >&5 +$as_echo "$as_me: DNSCrypt: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: DNSCrypt: no" >&5 +$as_echo "$as_me: DNSCrypt: no" >&6;} + +fi +if test "x$FSTRM_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: dnstap: yes" >&5 +$as_echo "$as_me: dnstap: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: dnstap: no" >&5 +$as_echo "$as_me: dnstap: no" >&6;} + +fi +if test "x$RE2_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: re2: yes" >&5 +$as_echo "$as_me: re2: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: re2: no" >&5 +$as_echo "$as_me: re2: no" >&6;} + +fi +if test "x$NET_SNMP_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: SNMP: yes" >&5 +$as_echo "$as_me: SNMP: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: SNMP: no" >&5 +$as_echo "$as_me: SNMP: no" >&6;} + +fi +if test "x$enable_dns_over_tls" != "xno"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: DNS over TLS: yes" >&5 +$as_echo "$as_me: DNS over TLS: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: DNS over TLS: no" >&5 +$as_echo "$as_me: DNS over TLS: no" >&6;} + +fi +if test "x$enable_dns_over_https" != "xno"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: DNS over HTTPS (DoH): yes" >&5 +$as_echo "$as_me: DNS over HTTPS (DoH): yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: DNS over HTTPS (DoH): no" >&5 +$as_echo "$as_me: DNS over HTTPS (DoH): no" >&6;} + +fi +if test "x$enable_dns_over_tls" != "xno"; then : + + if test "x$GNUTLS_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: GnuTLS: yes" >&5 +$as_echo "$as_me: GnuTLS: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: GnuTLS: no" >&5 +$as_echo "$as_me: GnuTLS: no" >&6;} + +fi + +fi +if test "x$enable_dns_over_tls" != "xno" -o "x$enable_dns_over_https" != "xno"; then : + + if test "x$LIBSSL_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: OpenSSL: yes" >&5 +$as_echo "$as_me: OpenSSL: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: OpenSSL: no" >&5 +$as_echo "$as_me: OpenSSL: no" >&6;} + +fi + +fi +if test "x$NGHTTP2_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: nghttp2: yes" >&5 +$as_echo "$as_me: nghttp2: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: nghttp2: no" >&5 +$as_echo "$as_me: nghttp2: no" >&6;} + +fi +if test "x$CDB_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: cdb: yes" >&5 +$as_echo "$as_me: cdb: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: cdb: no" >&5 +$as_echo "$as_me: cdb: no" >&6;} + +fi +if test "x$LMDB_LIBS" != "x"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: lmdb: yes" >&5 +$as_echo "$as_me: lmdb: yes" >&6;} +else + { $as_echo "$as_me:${as_lineno-$LINENO}: lmdb: no" >&5 +$as_echo "$as_me: lmdb: no" >&6;} + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: " >&5 +$as_echo "$as_me: " >&6;} diff --git a/configure.ac b/configure.ac new file mode 100644 index 0000000..3708df0 --- /dev/null +++ b/configure.ac @@ -0,0 +1,242 @@ +AC_PREREQ([2.69]) + +AC_INIT([dnsdist], [1.7.3]) +AM_INIT_AUTOMAKE([foreign tar-ustar dist-bzip2 no-dist-gzip parallel-tests 1.11 subdir-objects]) +AM_SILENT_RULES([yes]) +AC_CONFIG_MACRO_DIR([m4]) +AC_CONFIG_HEADERS([config.h]) +AC_PROG_CC +AC_PROG_CXX +AC_LANG([C++]) + +PDNS_CHECK_TIME_T + +AC_DEFINE([DNSDIST], [1], + [This is dnsdist] +) + +LT_PREREQ([2.2.2]) +LT_INIT([disable-static]) + +CFLAGS="-g -O3 -Wall -Wextra -Wshadow -Wno-unused-parameter $CFLAGS" +CXXFLAGS="-g -O3 -Wall -Wextra -Wshadow -Wno-unused-parameter -Wmissing-declarations -Wredundant-decls $CXXFLAGS" + +PDNS_WITH_LIBSODIUM +PDNS_CHECK_DNSTAP([auto]) +PDNS_CHECK_RAGEL([dnslabeltext.cc], [www.dnsdist.org]) +PDNS_CHECK_LIBEDIT +PDNS_CHECK_CLOCK_GETTIME + +PDNS_CHECK_OS +PTHREAD_SET_NAME +PDNS_CHECK_NETWORK_LIBS +PDNS_CHECK_PTHREAD_NP +PDNS_CHECK_SECURE_MEMSET + +BOOST_REQUIRE([1.42]) + +PDNS_ENABLE_UNIT_TESTS +PDNS_WITH_RE2 +DNSDIST_ENABLE_DNSCRYPT +PDNS_WITH_EBPF +PDNS_WITH_NET_SNMP +PDNS_WITH_LIBCAP + +AX_AVAILABLE_SYSTEMD +AX_CHECK_SYSTEMD_FEATURES +AM_CONDITIONAL([HAVE_SYSTEMD], [ test x"$systemd" = "xy" ]) +PDNS_WITH_SERVICE_USER([dnsdist]) + +dnl the *_r functions are in posix so we can use them unconditionally, but the ext/yahttp code is +dnl using the defines. +AC_CHECK_FUNCS_ONCE([localtime_r gmtime_r]) +AC_SUBST([YAHTTP_CFLAGS], ['-I$(top_srcdir)/ext/yahttp']) +AC_SUBST([YAHTTP_LIBS], ['$(top_builddir)/ext/yahttp/yahttp/libyahttp.la']) +AC_SUBST([IPCRYPT_CFLAGS], ['-I$(top_srcdir)/ext/ipcrypt']) +AC_SUBST([IPCRYPT_LIBS], ['$(top_builddir)/ext/ipcrypt/libipcrypt.la']) + +PDNS_WITH_LUA([mandatory]) +AS_IF([test "x$LUAPC" = "xluajit"], [ + # export all symbols to be able to use the Lua FFI interface + AC_MSG_NOTICE([Adding -rdynamic to export all symbols for the Lua FFI interface]) + LDFLAGS="$LDFLAGS -rdynamic" +]) +PDNS_CHECK_LUA_HPP + +AM_CONDITIONAL([HAVE_GNUTLS], [false]) +AM_CONDITIONAL([HAVE_LIBSSL], [false]) +AM_CONDITIONAL([HAVE_LMDB], [false]) +AM_CONDITIONAL([HAVE_CDB], [false]) + +PDNS_CHECK_LIBCRYPTO + +PDNS_ENABLE_DNS_OVER_TLS +DNSDIST_ENABLE_DNS_OVER_HTTPS + +AS_IF([test "x$enable_dns_over_tls" != "xno" -o "x$enable_dns_over_https" != "xno"], [ + PDNS_WITH_LIBSSL +]) + +AS_IF([test "x$enable_dns_over_tls" != "xno"], [ + PDNS_WITH_GNUTLS + + AS_IF([test "x$HAVE_GNUTLS" != "x1" -a "x$HAVE_LIBSSL" != "x1"], [ + AC_MSG_ERROR([DNS over TLS support requested but neither GnuTLS nor OpenSSL are available]) + ]) +]) + +PDNS_CHECK_LIBH2OEVLOOP +AS_IF([test "x$enable_dns_over_https" != "xno"], [ + AS_IF([test "x$HAVE_LIBH2OEVLOOP" != "x1"], [ + AC_MSG_ERROR([DNS over HTTPS support requested but libh2o-evloop was not found]) + ]) + + AS_IF([test "x$HAVE_LIBSSL" != "x1"], [ + AC_MSG_ERROR([DNS over HTTPS support requested but OpenSSL was not found]) + ]) +]) + +PDNS_WITH_NGHTTP2 + +PDNS_CHECK_CDB +PDNS_CHECK_LMDB + +AX_CXX_COMPILE_STDCXX_17([noext], [mandatory]) + +AC_MSG_CHECKING([whether we will enable compiler security checks]) +AC_ARG_ENABLE([hardening], + [AS_HELP_STRING([--disable-hardening], [disable compiler security checks @<:@default=no@:>@])], + [enable_hardening=$enableval], + [enable_hardening=yes] +) +AC_MSG_RESULT([$enable_hardening]) + +AS_IF([test "x$enable_hardening" != "xno"], [ + AC_CC_PIE + AC_CC_STACK_PROTECTOR + AC_CC_PARAM_SSP_BUFFER_SIZE([4]) + AC_CC_D_FORTIFY_SOURCE + AC_LD_RELRO +]) + +PDNS_ENABLE_SANITIZERS + +PDNS_CHECK_PYTHON_VENV + +AM_CONDITIONAL([HAVE_MANPAGES], [test -e "$srcdir/dnsdist.1"]) +AM_COND_IF([HAVE_MANPAGES],[],[ + AM_COND_IF([HAVE_VENV],[],[ + AC_MSG_WARN([Python 3 and/or venv module are not available, documentation will not be built.]) + ]) +]) + +LDFLAGS="$RELRO_LDFLAGS $LDFLAGS" + +CFLAGS="$SANITIZER_FLAGS $PIE_CFLAGS $CFLAGS" +CXXFLAGS="$SANITIZER_FLAGS $PIE_CFLAGS $CXXFLAGS" + +PROGRAM_LDFLAGS="$PIE_LDFLAGS $PROGRAM_LDFLAGS" +AC_SUBST([PROGRAM_LDFLAGS]) + +AC_SUBST([AM_CPPFLAGS], + ["AS_ESCAPE([-I$(top_builddir) -I$(top_srcdir)]) $THREADFLAGS $BOOST_CPPFLAGS"] +) + +AC_ARG_VAR(PACKAGEVERSION, [The version used in secpoll queries]) +AS_IF([test "x$PACKAGEVERSION" != "x"], + [AC_DEFINE_UNQUOTED([PACKAGEVERSION], "$PACKAGEVERSION", [Set to the package version used for secpoll])] +) + +AC_CONFIG_FILES([Makefile + ext/yahttp/Makefile + ext/yahttp/yahttp/Makefile + ext/ipcrypt/Makefile]) + +AC_OUTPUT + +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Configuration summary]) +AC_MSG_NOTICE([=====================]) +AC_MSG_NOTICE([]) +AS_IF([test "x$ac_configure_args" != "x"], + [summary_conf_opts=$ac_configure_args], + [summary_conf_opts="(no options)"] +) +AC_MSG_NOTICE([dnsdist configured with: $summary_conf_opts]) +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([CC: $CC]) +AC_MSG_NOTICE([CXX: $CXX]) +AC_MSG_NOTICE([LD: $LD]) +AC_MSG_NOTICE([CFLAGS: $CFLAGS]) +AC_MSG_NOTICE([CPPFLAGS: $CPPFLAGS]) +AC_MSG_NOTICE([CXXFLAGS: $CXXFLAGS]) +AC_MSG_NOTICE([LDFLAGS: $LDFLAGS]) +AC_MSG_NOTICE([LIBS: $LIBS]) +AC_MSG_NOTICE([BOOST_CPPFLAGS: $BOOST_CPPFLAGS]) +AC_MSG_NOTICE([]) +AC_MSG_NOTICE([Features enabled]) +AC_MSG_NOTICE([----------------]) +AC_MSG_NOTICE([Lua: $LUAPC]) +AC_MSG_NOTICE([Protobuf: yes]) +AS_IF([test "x$systemd" != "xn"], + [AC_MSG_NOTICE([systemd: yes])], + [AC_MSG_NOTICE([systemd: no])] +) +AS_IF([test "x$LIBCRYPTO_LIBS" != "x"], + [AC_MSG_NOTICE([ipcipher: yes])], + [AC_MSG_NOTICE([ipcipher: no])] +) +AS_IF([test "x$LIBSODIUM_LIBS" != "x"], + [AC_MSG_NOTICE([libsodium: yes])], + [AC_MSG_NOTICE([libsodium: no])] +) +AS_IF([test "x$enable_dnscrypt" != "xno"], + [AC_MSG_NOTICE([DNSCrypt: yes])], + [AC_MSG_NOTICE([DNSCrypt: no])] +) +AS_IF([test "x$FSTRM_LIBS" != "x"], + [AC_MSG_NOTICE([dnstap: yes])], + [AC_MSG_NOTICE([dnstap: no])] +) +AS_IF([test "x$RE2_LIBS" != "x"], + [AC_MSG_NOTICE([re2: yes])], + [AC_MSG_NOTICE([re2: no])] +) +AS_IF([test "x$NET_SNMP_LIBS" != "x"], + [AC_MSG_NOTICE([SNMP: yes])], + [AC_MSG_NOTICE([SNMP: no])] +) +AS_IF([test "x$enable_dns_over_tls" != "xno"], + [AC_MSG_NOTICE([DNS over TLS: yes])], + [AC_MSG_NOTICE([DNS over TLS: no])] +) +AS_IF([test "x$enable_dns_over_https" != "xno"], + [AC_MSG_NOTICE([DNS over HTTPS (DoH): yes])], + [AC_MSG_NOTICE([DNS over HTTPS (DoH): no])] +) +AS_IF([test "x$enable_dns_over_tls" != "xno"], [ + AS_IF([test "x$GNUTLS_LIBS" != "x"], + [AC_MSG_NOTICE([GnuTLS: yes])], + [AC_MSG_NOTICE([GnuTLS: no])] + )] +) +AS_IF([test "x$enable_dns_over_tls" != "xno" -o "x$enable_dns_over_https" != "xno"], [ + AS_IF([test "x$LIBSSL_LIBS" != "x"], + [AC_MSG_NOTICE([OpenSSL: yes])], + [AC_MSG_NOTICE([OpenSSL: no])] + )] +) +AS_IF([test "x$NGHTTP2_LIBS" != "x"], + [AC_MSG_NOTICE([nghttp2: yes])], + [AC_MSG_NOTICE([nghttp2: no])] +) +AS_IF([test "x$CDB_LIBS" != "x"], + [AC_MSG_NOTICE([cdb: yes])], + [AC_MSG_NOTICE([cdb: no])] +) +AS_IF([test "x$LMDB_LIBS" != "x"], + [AC_MSG_NOTICE([lmdb: yes])], + [AC_MSG_NOTICE([lmdb: no])] +) + +AC_MSG_NOTICE([]) diff --git a/connection-management.hh b/connection-management.hh new file mode 100644 index 0000000..3237f74 --- /dev/null +++ b/connection-management.hh @@ -0,0 +1,66 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "lock.hh" + +class ConcurrentConnectionManager +{ +public: + ConcurrentConnectionManager(size_t max) + { + setMaxConcurrentConnections(max); + } + + void setMaxConcurrentConnections(size_t max) + { + d_data.lock()->d_maxConcurrentConnections = max; + } + + size_t getMaxConcurrentConnections() + { + return d_data.lock()->d_maxConcurrentConnections; + } + + bool registerConnection() + { + auto data = d_data.lock(); + if (data->d_maxConcurrentConnections == 0 || data->d_currentConnectionsCount < data->d_maxConcurrentConnections) { + ++data->d_currentConnectionsCount; + return true; + } + return false; + } + + void releaseConnection() + { + --(d_data.lock()->d_currentConnectionsCount); + } + +private: + struct Data { + size_t d_maxConcurrentConnections{0}; + size_t d_currentConnectionsCount{0}; + }; + + LockGuarded d_data; +}; diff --git a/credentials.cc b/credentials.cc new file mode 100644 index 0000000..d058a94 --- /dev/null +++ b/credentials.cc @@ -0,0 +1,477 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" + +#include +#include + +#ifdef HAVE_LIBSODIUM +#include +#endif + +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT +#include +#include +#include +#include +#endif + +#include +#include +#include + +#include "base64.hh" +#include "credentials.hh" +#include "misc.hh" + +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT +static size_t const pwhash_max_size = 128U; /* maximum size of the output */ +static size_t const pwhash_output_size = 32U; /* size of the hashed output (before base64 encoding) */ +static unsigned int const pwhash_salt_size = 16U; /* size of the salt (before base64 encoding */ +static uint64_t const pwhash_max_work_factor = 32768U; /* max N for interactive login purposes */ + +/* PHC string format, storing N as log2(N) as done by passlib. + for now we only support one algo but we might have to change that later */ +static std::string const pwhash_prefix = "$scrypt$"; +static size_t const pwhash_prefix_size = pwhash_prefix.size(); +#endif + +uint64_t const CredentialsHolder::s_defaultWorkFactor{1024U}; /* N */ +uint64_t const CredentialsHolder::s_defaultParallelFactor{1U}; /* p */ +uint64_t const CredentialsHolder::s_defaultBlockSize{8U}; /* r */ + +SensitiveData::SensitiveData(std::string&& data) : + d_data(std::move(data)) +{ +#ifdef HAVE_LIBSODIUM + sodium_mlock(d_data.data(), d_data.size()); +#endif +} + +SensitiveData& SensitiveData::operator=(SensitiveData&& rhs) +{ + d_data = std::move(rhs.d_data); + return *this; +} + +SensitiveData::SensitiveData(size_t bytes) +{ + d_data.resize(bytes); +#ifdef HAVE_LIBSODIUM + sodium_mlock(d_data.data(), d_data.size()); +#endif +} + +SensitiveData::~SensitiveData() +{ + clear(); +} + +void SensitiveData::clear() +{ +#ifdef HAVE_LIBSODIUM + sodium_munlock(d_data.data(), d_data.size()); +#endif + d_data.clear(); +} + +static std::string hashPasswordInternal(const std::string& password, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + auto pctx = std::unique_ptr(EVP_PKEY_CTX_new_id(EVP_PKEY_SCRYPT, nullptr), EVP_PKEY_CTX_free); + if (!pctx) { + throw std::runtime_error("Error getting a scrypt context to hash the supplied password"); + } + + if (EVP_PKEY_derive_init(pctx.get()) <= 0) { + throw std::runtime_error("Error intializing the scrypt context to hash the supplied password"); + } + + // OpenSSL 3.0 changed the string arg to const unsigned char*, other versions use const char * +#if OPENSSL_VERSION_MAJOR >= 3 + auto passwordData = reinterpret_cast(password.data()); +#else + auto passwordData = reinterpret_cast(password.data()); +#endif + if (EVP_PKEY_CTX_set1_pbe_pass(pctx.get(), passwordData, password.size()) <= 0) { + throw std::runtime_error("Error adding the password to the scrypt context to hash the supplied password"); + } + + if (EVP_PKEY_CTX_set1_scrypt_salt(pctx.get(), reinterpret_cast(salt.data()), salt.size()) <= 0) { + throw std::runtime_error("Error adding the salt to the scrypt context to hash the supplied password"); + } + + if (EVP_PKEY_CTX_set_scrypt_N(pctx.get(), workFactor) <= 0) { + throw std::runtime_error("Error setting the work factor to the scrypt context to hash the supplied password"); + } + + if (EVP_PKEY_CTX_set_scrypt_r(pctx.get(), blockSize) <= 0) { + throw std::runtime_error("Error setting the block size to the scrypt context to hash the supplied password"); + } + + if (EVP_PKEY_CTX_set_scrypt_p(pctx.get(), parallelFactor) <= 0) { + throw std::runtime_error("Error setting the parallel factor to the scrypt context to hash the supplied password"); + } + + std::string out; + out.resize(pwhash_output_size); + size_t outlen = out.size(); + + if (EVP_PKEY_derive(pctx.get(), reinterpret_cast(out.data()), &outlen) <= 0 || outlen != pwhash_output_size) { + throw std::runtime_error("Error deriving the output from the scrypt context to hash the supplied password"); + } + + return out; +#else + throw std::runtime_error("Hashing support is not available"); +#endif +} + +static std::string generateRandomSalt() +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + /* generate a random salt */ + std::string salt; + salt.resize(pwhash_salt_size); + + if (RAND_bytes(reinterpret_cast(salt.data()), salt.size()) != 1) { + throw std::runtime_error("Error while generating a salt to hash the supplied password"); + } + + return salt; +#else + throw std::runtime_error("Generating a salted password requires scrypt support in OpenSSL, and it is not available"); +#endif +} + +std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + std::string result; + result.reserve(pwhash_max_size); + + result.append(pwhash_prefix); + result.append("ln="); + result.append(std::to_string(static_cast(std::log2(workFactor)))); + result.append(",p="); + result.append(std::to_string(parallelFactor)); + result.append(",r="); + result.append(std::to_string(blockSize)); + result.append("$"); + auto salt = generateRandomSalt(); + result.append(Base64Encode(salt)); + result.append("$"); + + auto out = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize); + + result.append(Base64Encode(out)); + + return result; +#else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +#endif +} + +std::string hashPassword(const std::string& password) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + return hashPassword(password, CredentialsHolder::s_defaultWorkFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); +#else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +#endif +} + +bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + auto expected = hashPasswordInternal(binaryPassword, salt, workFactor, parallelFactor, blockSize); + return constantTimeStringEquals(expected, binaryHash); +#else + throw std::runtime_error("Hashing a password requires scrypt support in OpenSSL, and it is not available"); +#endif +} + +/* parse a hashed password in PHC string format */ +static void parseHashed(const std::string& hash, std::string& salt, std::string& hashedPassword, uint64_t& workFactor, uint64_t& parallelFactor, uint64_t& blockSize) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + auto parametersEnd = hash.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format, no parameters"); + } + + auto parametersStr = hash.substr(pwhash_prefix.size(), parametersEnd); + std::vector parameters; + parameters.reserve(3); + stringtok(parameters, parametersStr, ","); + if (parameters.size() != 3) { + throw std::runtime_error("Invalid hashed password format, expecting 3 parameters, got " + std::to_string(parameters.size())); + } + + if (!boost::starts_with(parameters.at(0), "ln=")) { + throw std::runtime_error("Invalid hashed password format, ln= parameter not found"); + } + + if (!boost::starts_with(parameters.at(1), "p=")) { + throw std::runtime_error("Invalid hashed password format, p= parameter not found"); + } + + if (!boost::starts_with(parameters.at(2), "r=")) { + throw std::runtime_error("Invalid hashed password format, r= parameter not found"); + } + + auto saltPos = parametersEnd + 1; + auto saltEnd = hash.find('$', saltPos); + if (saltEnd == std::string::npos || saltEnd == hash.size()) { + throw std::runtime_error("Invalid hashed password format"); + } + + try { + workFactor = pdns_stou(parameters.at(0).substr(3)); + workFactor = static_cast(1) << workFactor; + if (workFactor > pwhash_max_work_factor) { + throw std::runtime_error("Invalid work factor of " + std::to_string(workFactor) + " in hashed password string, maximum is " + std::to_string(pwhash_max_work_factor)); + } + + parallelFactor = pdns_stou(parameters.at(1).substr(2)); + blockSize = pdns_stou(parameters.at(2).substr(2)); + + auto b64Salt = hash.substr(saltPos, saltEnd - saltPos); + salt.reserve(pwhash_salt_size); + B64Decode(b64Salt, salt); + + if (salt.size() != pwhash_salt_size) { + throw std::runtime_error("Invalid salt in hashed password string"); + } + + hashedPassword.reserve(pwhash_output_size); + B64Decode(hash.substr(saltEnd + 1), hashedPassword); + + if (hashedPassword.size() != pwhash_output_size) { + throw std::runtime_error("Invalid hash in hashed password string"); + } + } + catch (const std::exception& e) { + throw std::runtime_error("Invalid hashed password format, unable to parse parameters"); + } +#endif +} + +bool verifyPassword(const std::string& hash, const std::string& password) +{ + if (!isPasswordHashed(hash)) { + return false; + } + +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + std::string salt; + std::string hashedPassword; + uint64_t workFactor = 0; + uint64_t parallelFactor = 0; + uint64_t blockSize = 0; + parseHashed(hash, salt, hashedPassword, workFactor, parallelFactor, blockSize); + + auto expected = hashPasswordInternal(password, salt, workFactor, parallelFactor, blockSize); + + return constantTimeStringEquals(expected, hashedPassword); +#else + throw std::runtime_error("Verifying a hashed password requires scrypt support in OpenSSL, and it is not available"); +#endif +} + +bool isPasswordHashed(const std::string& password) +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + if (password.size() < pwhash_prefix_size || password.size() > pwhash_max_size) { + return false; + } + + if (!boost::starts_with(password, pwhash_prefix)) { + return false; + } + + auto parametersEnd = password.find('$', pwhash_prefix.size()); + if (parametersEnd == std::string::npos || parametersEnd == password.size()) { + return false; + } + + size_t parametersSize = parametersEnd - pwhash_prefix.size(); + /* ln=X,p=Y,r=Z */ + if (parametersSize < 12) { + return false; + } + + auto saltEnd = password.find('$', parametersEnd + 1); + if (saltEnd == std::string::npos || saltEnd == password.size()) { + return false; + } + + /* the salt is base64 encoded so it has to be larger than that */ + if ((saltEnd - parametersEnd - 1) < pwhash_salt_size) { + return false; + } + + /* the hash base64 encoded so it has to be larger than that */ + if ((password.size() - saltEnd - 1) < pwhash_output_size) { + return false; + } + + return true; +#else + return false; +#endif +} + +/* if the password is in cleartext and hashing is available, + the hashed form will be kept in memory */ +CredentialsHolder::CredentialsHolder(std::string&& password, bool hashPlaintext) : + d_credentials(std::move(password)) +{ + if (isHashingAvailable()) { + if (!isPasswordHashed(d_credentials.getString())) { + if (hashPlaintext) { + d_salt = generateRandomSalt(); + d_workFactor = s_defaultWorkFactor; + d_parallelFactor = s_defaultParallelFactor; + d_blockSize = s_defaultBlockSize; + d_credentials = SensitiveData(hashPasswordInternal(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize)); + d_isHashed = true; + } + } + else { + d_wasHashed = true; + d_isHashed = true; + std::string hashedPassword; + parseHashed(d_credentials.getString(), d_salt, hashedPassword, d_workFactor, d_parallelFactor, d_blockSize); + d_credentials = SensitiveData(std::move(hashedPassword)); + } + } + + if (!d_isHashed) { + d_fallbackHashPerturb = random(); + d_fallbackHash = burtle(reinterpret_cast(d_credentials.getString().data()), d_credentials.getString().size(), d_fallbackHashPerturb); + } +} + +CredentialsHolder::~CredentialsHolder() +{ + d_fallbackHashPerturb = 0; + d_fallbackHash = 0; +} + +bool CredentialsHolder::matches(const std::string& password) const +{ + if (d_isHashed) { + return verifyPassword(d_credentials.getString(), d_salt, d_workFactor, d_parallelFactor, d_blockSize, password); + } + else { + uint32_t fallback = burtle(reinterpret_cast(password.data()), password.size(), d_fallbackHashPerturb); + if (fallback != d_fallbackHash) { + return false; + } + + return constantTimeStringEquals(password, d_credentials.getString()); + } +} + +bool CredentialsHolder::isHashingAvailable() +{ +#ifdef HAVE_EVP_PKEY_CTX_SET1_SCRYPT_SALT + return true; +#else + return false; +#endif +} + +#include +#include + +SensitiveData CredentialsHolder::readFromTerminal() +{ + struct termios term; + struct termios oterm; + bool restoreTermSettings = false; + int termAction = TCSAFLUSH; +#ifdef TCSASOFT + termAction |= TCSASOFT; +#endif + + FDWrapper input(open("/dev/tty", O_RDONLY)); + if (int(input) != -1) { + if (tcgetattr(input, &oterm) == 0) { + memcpy(&term, &oterm, sizeof(term)); + term.c_lflag &= ~(ECHO | ECHONL); + tcsetattr(input, termAction, &term); + restoreTermSettings = true; + } + } + else { + input = FDWrapper(dup(STDIN_FILENO)); + restoreTermSettings = false; + } + + FDWrapper output(open("/dev/tty", O_WRONLY)); + if (int(output) == -1) { + output = FDWrapper(dup(STDERR_FILENO)); + } + + struct std::map signals; + struct sigaction sa; + sigemptyset(&sa.sa_mask); + sa.sa_flags = 0; + sa.sa_handler = [](int s) {}; + sigaction(SIGALRM, &sa, &signals[SIGALRM]); + sigaction(SIGHUP, &sa, &signals[SIGHUP]); + sigaction(SIGINT, &sa, &signals[SIGINT]); + sigaction(SIGPIPE, &sa, &signals[SIGPIPE]); + sigaction(SIGQUIT, &sa, &signals[SIGQUIT]); + sigaction(SIGTERM, &sa, &signals[SIGTERM]); + sigaction(SIGTSTP, &sa, &signals[SIGTSTP]); + sigaction(SIGTTIN, &sa, &signals[SIGTTIN]); + sigaction(SIGTTOU, &sa, &signals[SIGTTOU]); + + std::string buffer; + /* let's allocate a huge buffer now to prevent reallocation, + which would leave parts of the buffer around */ + buffer.reserve(512); + + for (;;) { + char ch = '\0'; + auto got = read(input, &ch, 1); + if (got == 1 && ch != '\n' && ch != '\r') { + buffer.push_back(ch); + } + else { + break; + } + } + + if (restoreTermSettings) { + tcsetattr(input, termAction, &oterm); + } + + for (const auto& sig : signals) { + sigaction(sig.first, &sig.second, nullptr); + } + + return SensitiveData(std::move(buffer)); +} diff --git a/credentials.hh b/credentials.hh new file mode 100644 index 0000000..6e59c6b --- /dev/null +++ b/credentials.hh @@ -0,0 +1,103 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include + +class SensitiveData +{ +public: + SensitiveData(size_t bytes); + SensitiveData(std::string&& data); + SensitiveData& operator=(SensitiveData&&); + + ~SensitiveData(); + void clear(); + const std::string& getString() const + { + return d_data; + } + std::string& getString() + { + return d_data; + } + +private: + std::string d_data; +}; + +std::string hashPassword(const std::string& password); +std::string hashPassword(const std::string& password, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize); +bool verifyPassword(const std::string& hash, const std::string& password); +bool verifyPassword(const std::string& binaryHash, const std::string& salt, uint64_t workFactor, uint64_t parallelFactor, uint64_t blockSize, const std::string& binaryPassword); +bool isPasswordHashed(const std::string& password); + +class CredentialsHolder +{ +public: + /* if hashPlaintext is true, the password is in cleartext and hashing is available, + the hashed form will be kept in memory. + Note that accepting hashed password from an untrusted source might open + us to a denial of service, since we currently don't cap the the parameters, + including the work factor */ + CredentialsHolder(std::string&& password, bool hashPlaintext); + ~CredentialsHolder(); + + CredentialsHolder(const CredentialsHolder&) = delete; + CredentialsHolder& operator=(const CredentialsHolder&) = delete; + + bool matches(const std::string& password) const; + /* whether it was constructed from a hashed and salted string */ + bool wasHashed() const + { + return d_wasHashed; + } + /* whether it is hashed in memory */ + bool isHashed() const + { + return d_isHashed; + } + + static bool isHashingAvailable(); + static SensitiveData readFromTerminal(); + + static uint64_t const s_defaultWorkFactor; + static uint64_t const s_defaultParallelFactor; + static uint64_t const s_defaultBlockSize; + +private: + SensitiveData d_credentials; + /* if the password is hashed, we only extract + the salt and parameters once */ + std::string d_salt; + uint64_t d_workFactor{0}; + uint64_t d_parallelFactor{0}; + uint64_t d_blockSize{0}; + /* seed our hash so it's not predictable */ + uint32_t d_fallbackHashPerturb{0}; + uint32_t d_fallbackHash{0}; + /* whether it was constructed from a hashed and salted string */ + bool d_wasHashed{false}; + /* whether it is hashed in memory */ + bool d_isHashed{false}; +}; diff --git a/delaypipe.cc b/delaypipe.cc new file mode 100644 index 0000000..be363d6 --- /dev/null +++ b/delaypipe.cc @@ -0,0 +1,188 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "delaypipe.hh" +#include "misc.hh" +#include "gettime.hh" +#include +#include "threadname.hh" + +template +ObjectPipe::ObjectPipe() +{ + if(pipe(d_fds)) + unixDie("pipe"); +} + +template +ObjectPipe::~ObjectPipe() +{ + ::close(d_fds[0]); + if(d_fds[1] >= 0) + ::close(d_fds[1]); +} + +template +void ObjectPipe::close() +{ + if(d_fds[1] < 0) + return; + ::close(d_fds[1]); // the writing side + d_fds[1]=-1; +} + +template +void ObjectPipe::write(T& t) +{ + auto ptr = new T(t); + if(::write(d_fds[1], &ptr, sizeof(ptr)) != sizeof(ptr)) { + delete ptr; + unixDie("write"); + } +} + +template +int ObjectPipe::readTimeout(T* t, double msec) +{ + while (true) { + int ret = waitForData(d_fds[0], 0, 1000*msec); + if (ret < 0) { + if (errno == EINTR) { + continue; + } + unixDie("waiting for data in object pipe"); + } + else if (ret == 0) { + return -1; + } + + T* ptr = nullptr; + ret = ::read(d_fds[0], &ptr, sizeof(ptr)); // this is BLOCKING! + + if (ret < 0) { + if (errno == EINTR) { + continue; + } + unixDie("read"); + } + else if (ret == 0) { + return false; + } + + if (ret != sizeof(ptr)) { + throw std::runtime_error("Partial read, should not happen 2"); + } + + *t = *ptr; + delete ptr; + return 1; + } +} + + +template +DelayPipe::DelayPipe() : d_thread(&DelayPipe::worker, this) +{ +} + +template +void DelayPipe::gettime(struct timespec* ts) +{ + ::gettime(ts); +} + + +template +void DelayPipe::submit(T& t, int msec) +{ + struct timespec now; + gettime(&now); + now.tv_nsec += msec*1e6; + while(now.tv_nsec > 1e9) { + now.tv_sec++; + now.tv_nsec-=1e9; + } + Combo c{t, now}; + d_pipe.write(c); +} + +template +DelayPipe::~DelayPipe() +{ + d_pipe.close(); + d_thread.join(); +} + + + +template +void DelayPipe::worker() +{ + setThreadName("dnsdist/delayPi"); + Combo c; + for(;;) { + /* this code is slightly too subtle, but I don't see how it could be any simpler. + So we have a set of work to do, and we need to wait until the time arrives to do it. + Simultaneously new work might come in. So we try to combine both of these things by + setting a timeout on listening to the pipe over which new work comes in. This timeout + is equal to the wait until the first thing that needs to be done. + + Two additional cases exist: we have no work to wait for, so we can wait infinitely long. + The other special case is that the first we have to do.. is in the past, so we need to do it + immediately. */ + + + double delay=-1; // infinite + struct timespec now; + if(!d_work.empty()) { + gettime(&now); + delay=1000*tsdelta(d_work.begin()->first, now); + if(delay < 0) { + delay=0; // don't wait - we have work that is late already! + } + } + if(delay != 0 ) { + int ret = d_pipe.readTimeout(&c, delay); + if(ret > 0) { // we got an object + d_work.emplace(c.when, c.what); + } + else if(ret==0) { // EOF + break; + } + else { + ; + } + gettime(&now); + } + + tscomp cmp; + + for(auto iter = d_work.begin() ; iter != d_work.end(); ) { // do the needful + if(cmp(iter->first, now)) { + iter->second(); + d_work.erase(iter++); + } + else { + break; + } + } + } +} diff --git a/delaypipe.hh b/delaypipe.hh new file mode 100644 index 0000000..ad1626a --- /dev/null +++ b/delaypipe.hh @@ -0,0 +1,85 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include +#include +#include + +/** + General idea: many threads submit work to this class, but only one executes it. The work should therefore be entirely trivial. + The implementation is that submitter threads create an object that represents the work, and it gets sent over a pipe + to the worker thread. + + The worker thread meanwhile listens on this pipe (non-blocking), with a delay set to the next object that needs to be executed. + If meanwhile new work comes in, all objects who's time has come are executed, a new sleep time is calculated. +*/ + + +/* ObjectPipe facilitates the type-safe passing of types over a pipe */ + +template +class ObjectPipe +{ +public: + ObjectPipe(); + ~ObjectPipe(); + void write(T& t); + int readTimeout(T* t, double msec); //!< -1 is timeout, 0 is no data, 1 is data. msec<0 waits infinitely long. msec==0 = undefined + void close(); +private: + int d_fds[2]; +}; + +template +class DelayPipe +{ +public: + DelayPipe(); + ~DelayPipe(); + void submit(T& t, int msec); //!< don't try for more than 4294 msec + +private: + void worker(); + struct Combo + { + T what; + struct timespec when; + }; + + double tsdelta(const struct timespec& a, const struct timespec& b) // read as a-b + { + return 1.0*(a.tv_sec-b.tv_sec)+1.0*(a.tv_nsec-b.tv_nsec)/1000000000.0; + } + + ObjectPipe d_pipe; + struct tscomp { + bool operator()(const struct timespec& a, const struct timespec& b) const + { + return std::tie(a.tv_sec, a.tv_nsec) < std::tie(b.tv_sec, b.tv_nsec); + } + }; + std::multimap d_work; + void gettime(struct timespec* ts); + std::thread d_thread; +}; + +#include "delaypipe.cc" diff --git a/depcomp b/depcomp new file mode 100755 index 0000000..65cbf70 --- /dev/null +++ b/depcomp @@ -0,0 +1,791 @@ +#! /bin/sh +# depcomp - compile a program generating dependencies as side-effects + +scriptversion=2018-03-07.03; # UTC + +# Copyright (C) 1999-2018 Free Software Foundation, Inc. + +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2, or (at your option) +# any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Alexandre Oliva . + +case $1 in + '') + echo "$0: No command. Try '$0 --help' for more information." 1>&2 + exit 1; + ;; + -h | --h*) + cat <<\EOF +Usage: depcomp [--help] [--version] PROGRAM [ARGS] + +Run PROGRAMS ARGS to compile a file, generating dependencies +as side-effects. + +Environment variables: + depmode Dependency tracking mode. + source Source file read by 'PROGRAMS ARGS'. + object Object file output by 'PROGRAMS ARGS'. + DEPDIR directory where to store dependencies. + depfile Dependency file to output. + tmpdepfile Temporary file to use when outputting dependencies. + libtool Whether libtool is used (yes/no). + +Report bugs to . +EOF + exit $? + ;; + -v | --v*) + echo "depcomp $scriptversion" + exit $? + ;; +esac + +# Get the directory component of the given path, and save it in the +# global variables '$dir'. Note that this directory component will +# be either empty or ending with a '/' character. This is deliberate. +set_dir_from () +{ + case $1 in + */*) dir=`echo "$1" | sed -e 's|/[^/]*$|/|'`;; + *) dir=;; + esac +} + +# Get the suffix-stripped basename of the given path, and save it the +# global variable '$base'. +set_base_from () +{ + base=`echo "$1" | sed -e 's|^.*/||' -e 's/\.[^.]*$//'` +} + +# If no dependency file was actually created by the compiler invocation, +# we still have to create a dummy depfile, to avoid errors with the +# Makefile "include basename.Plo" scheme. +make_dummy_depfile () +{ + echo "#dummy" > "$depfile" +} + +# Factor out some common post-processing of the generated depfile. +# Requires the auxiliary global variable '$tmpdepfile' to be set. +aix_post_process_depfile () +{ + # If the compiler actually managed to produce a dependency file, + # post-process it. + if test -f "$tmpdepfile"; then + # Each line is of the form 'foo.o: dependency.h'. + # Do two passes, one to just change these to + # $object: dependency.h + # and one to simply output + # dependency.h: + # which is needed to avoid the deleted-header problem. + { sed -e "s,^.*\.[$lower]*:,$object:," < "$tmpdepfile" + sed -e "s,^.*\.[$lower]*:[$tab ]*,," -e 's,$,:,' < "$tmpdepfile" + } > "$depfile" + rm -f "$tmpdepfile" + else + make_dummy_depfile + fi +} + +# A tabulation character. +tab=' ' +# A newline character. +nl=' +' +# Character ranges might be problematic outside the C locale. +# These definitions help. +upper=ABCDEFGHIJKLMNOPQRSTUVWXYZ +lower=abcdefghijklmnopqrstuvwxyz +digits=0123456789 +alpha=${upper}${lower} + +if test -z "$depmode" || test -z "$source" || test -z "$object"; then + echo "depcomp: Variables source, object and depmode must be set" 1>&2 + exit 1 +fi + +# Dependencies for sub/bar.o or sub/bar.obj go into sub/.deps/bar.Po. +depfile=${depfile-`echo "$object" | + sed 's|[^\\/]*$|'${DEPDIR-.deps}'/&|;s|\.\([^.]*\)$|.P\1|;s|Pobj$|Po|'`} +tmpdepfile=${tmpdepfile-`echo "$depfile" | sed 's/\.\([^.]*\)$/.T\1/'`} + +rm -f "$tmpdepfile" + +# Avoid interferences from the environment. +gccflag= dashmflag= + +# Some modes work just like other modes, but use different flags. We +# parameterize here, but still list the modes in the big case below, +# to make depend.m4 easier to write. Note that we *cannot* use a case +# here, because this file can only contain one case statement. +if test "$depmode" = hp; then + # HP compiler uses -M and no extra arg. + gccflag=-M + depmode=gcc +fi + +if test "$depmode" = dashXmstdout; then + # This is just like dashmstdout with a different argument. + dashmflag=-xM + depmode=dashmstdout +fi + +cygpath_u="cygpath -u -f -" +if test "$depmode" = msvcmsys; then + # This is just like msvisualcpp but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvisualcpp +fi + +if test "$depmode" = msvc7msys; then + # This is just like msvc7 but w/o cygpath translation. + # Just convert the backslash-escaped backslashes to single forward + # slashes to satisfy depend.m4 + cygpath_u='sed s,\\\\,/,g' + depmode=msvc7 +fi + +if test "$depmode" = xlc; then + # IBM C/C++ Compilers xlc/xlC can output gcc-like dependency information. + gccflag=-qmakedep=gcc,-MF + depmode=gcc +fi + +case "$depmode" in +gcc3) +## gcc 3 implements dependency tracking that does exactly what +## we want. Yay! Note: for some reason libtool 1.4 doesn't like +## it if -MD -MP comes after the -MF stuff. Hmm. +## Unfortunately, FreeBSD c89 acceptance of flags depends upon +## the command line argument order; so add the flags where they +## appear in depend2.am. Note that the slowdown incurred here +## affects only configure: in makefiles, %FASTDEP% shortcuts this. + for arg + do + case $arg in + -c) set fnord "$@" -MT "$object" -MD -MP -MF "$tmpdepfile" "$arg" ;; + *) set fnord "$@" "$arg" ;; + esac + shift # fnord + shift # $arg + done + "$@" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + mv "$tmpdepfile" "$depfile" + ;; + +gcc) +## Note that this doesn't just cater to obsosete pre-3.x GCC compilers. +## but also to in-use compilers like IMB xlc/xlC and the HP C compiler. +## (see the conditional assignment to $gccflag above). +## There are various ways to get dependency output from gcc. Here's +## why we pick this rather obscure method: +## - Don't want to use -MD because we'd like the dependencies to end +## up in a subdir. Having to rename by hand is ugly. +## (We might end up doing this anyway to support other compilers.) +## - The DEPENDENCIES_OUTPUT environment variable makes gcc act like +## -MM, not -M (despite what the docs say). Also, it might not be +## supported by the other compilers which use the 'gcc' depmode. +## - Using -M directly means running the compiler twice (even worse +## than renaming). + if test -z "$gccflag"; then + gccflag=-MD, + fi + "$@" -Wp,"$gccflag$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The second -e expression handles DOS-style file names with drive + # letters. + sed -e 's/^[^:]*: / /' \ + -e 's/^['$alpha']:\/[^:]*: / /' < "$tmpdepfile" >> "$depfile" +## This next piece of magic avoids the "deleted header file" problem. +## The problem is that when a header file which appears in a .P file +## is deleted, the dependency causes make to die (because there is +## typically no way to rebuild the header). We avoid this by adding +## dummy dependencies for each header file. Too bad gcc doesn't do +## this for us directly. +## Some versions of gcc put a space before the ':'. On the theory +## that the space means something, we add a space to the output as +## well. hp depmode also adds that space, but also prefixes the VPATH +## to the object. Take care to not repeat it in the output. +## Some versions of the HPUX 10.20 sed can't process this invocation +## correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e "s|.*$object$||" -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +sgi) + if test "$libtool" = yes; then + "$@" "-Wp,-MDupdate,$tmpdepfile" + else + "$@" -MDupdate "$tmpdepfile" + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + + if test -f "$tmpdepfile"; then # yes, the sourcefile depend on other files + echo "$object : \\" > "$depfile" + # Clip off the initial element (the dependent). Don't try to be + # clever and replace this with sed code, as IRIX sed won't handle + # lines with more than a fixed number of characters (4096 in + # IRIX 6.2 sed, 8192 in IRIX 6.5). We also remove comment lines; + # the IRIX cc adds comments like '#:fec' to the end of the + # dependency line. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' \ + | tr "$nl" ' ' >> "$depfile" + echo >> "$depfile" + # The second pass generates a dummy entry for each header file. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^.*\.o://' -e 's/#.*$//' -e '/^$/ d' -e 's/$/:/' \ + >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" + ;; + +xlc) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +aix) + # The C for AIX Compiler uses -M and outputs the dependencies + # in a .u file. In older versions, this file always lives in the + # current directory. Also, the AIX compiler puts '$object:' at the + # start of each line; $object doesn't have directory information. + # Version 6 uses the directory in both cases. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.u + tmpdepfile2=$base.u + tmpdepfile3=$dir.libs/$base.u + "$@" -Wc,-M + else + tmpdepfile1=$dir$base.u + tmpdepfile2=$dir$base.u + tmpdepfile3=$dir$base.u + "$@" -M + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + aix_post_process_depfile + ;; + +tcc) + # tcc (Tiny C Compiler) understand '-MD -MF file' since version 0.9.26 + # FIXME: That version still under development at the moment of writing. + # Make that this statement remains true also for stable, released + # versions. + # It will wrap lines (doesn't matter whether long or short) with a + # trailing '\', as in: + # + # foo.o : \ + # foo.c \ + # foo.h \ + # + # It will put a trailing '\' even on the last line, and will use leading + # spaces rather than leading tabs (at least since its commit 0394caf7 + # "Emit spaces for -MD"). + "$@" -MD -MF "$tmpdepfile" + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each non-empty line is of the form 'foo.o : \' or ' dep.h \'. + # We have to change lines of the first kind to '$object: \'. + sed -e "s|.*:|$object :|" < "$tmpdepfile" > "$depfile" + # And for each line of the second kind, we have to emit a 'dep.h:' + # dummy dependency, to avoid the deleted-header problem. + sed -n -e 's|^ *\(.*\) *\\$|\1:|p' < "$tmpdepfile" >> "$depfile" + rm -f "$tmpdepfile" + ;; + +## The order of this option in the case statement is important, since the +## shell code in configure will try each of these formats in the order +## listed in this file. A plain '-MD' option would be understood by many +## compilers, so we must ensure this comes after the gcc and icc options. +pgcc) + # Portland's C compiler understands '-MD'. + # Will always output deps to 'file.d' where file is the root name of the + # source file under compilation, even if file resides in a subdirectory. + # The object file name does not affect the name of the '.d' file. + # pgcc 10.2 will output + # foo.o: sub/foo.c sub/foo.h + # and will wrap long lines using '\' : + # foo.o: sub/foo.c ... \ + # sub/foo.h ... \ + # ... + set_dir_from "$object" + # Use the source, not the object, to determine the base name, since + # that's sadly what pgcc will do too. + set_base_from "$source" + tmpdepfile=$base.d + + # For projects that build the same source file twice into different object + # files, the pgcc approach of using the *source* file root name can cause + # problems in parallel builds. Use a locking strategy to avoid stomping on + # the same $tmpdepfile. + lockdir=$base.d-lock + trap " + echo '$0: caught signal, cleaning up...' >&2 + rmdir '$lockdir' + exit 1 + " 1 2 13 15 + numtries=100 + i=$numtries + while test $i -gt 0; do + # mkdir is a portable test-and-set. + if mkdir "$lockdir" 2>/dev/null; then + # This process acquired the lock. + "$@" -MD + stat=$? + # Release the lock. + rmdir "$lockdir" + break + else + # If the lock is being held by a different process, wait + # until the winning process is done or we timeout. + while test -d "$lockdir" && test $i -gt 0; do + sleep 1 + i=`expr $i - 1` + done + fi + i=`expr $i - 1` + done + trap - 1 2 13 15 + if test $i -le 0; then + echo "$0: failed to acquire lock after $numtries attempts" >&2 + echo "$0: check lockdir '$lockdir'" >&2 + exit 1 + fi + + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + # Each line is of the form `foo.o: dependent.h', + # or `foo.o: dep1.h dep2.h \', or ` dep3.h dep4.h \'. + # Do two passes, one to just change these to + # `$object: dependent.h' and one to simply `dependent.h:'. + sed "s,^[^:]*:,$object :," < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed 's,^[^:]*: \(.*\)$,\1,;s/^\\$//;/^$/d;/:$/d' < "$tmpdepfile" \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +hp2) + # The "hp" stanza above does not work with aCC (C++) and HP's ia64 + # compilers, which have integrated preprocessors. The correct option + # to use with these is +Maked; it writes dependencies to a file named + # 'foo.d', which lands next to the object file, wherever that + # happens to be. + # Much of this is similar to the tru64 case; see comments there. + set_dir_from "$object" + set_base_from "$object" + if test "$libtool" = yes; then + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir.libs/$base.d + "$@" -Wc,+Maked + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + "$@" +Maked + fi + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" + do + test -f "$tmpdepfile" && break + done + if test -f "$tmpdepfile"; then + sed -e "s,^.*\.[$lower]*:,$object:," "$tmpdepfile" > "$depfile" + # Add 'dependent.h:' lines. + sed -ne '2,${ + s/^ *// + s/ \\*$// + s/$/:/ + p + }' "$tmpdepfile" >> "$depfile" + else + make_dummy_depfile + fi + rm -f "$tmpdepfile" "$tmpdepfile2" + ;; + +tru64) + # The Tru64 compiler uses -MD to generate dependencies as a side + # effect. 'cc -MD -o foo.o ...' puts the dependencies into 'foo.o.d'. + # At least on Alpha/Redhat 6.1, Compaq CCC V6.2-504 seems to put + # dependencies in 'foo.d' instead, so we check for that too. + # Subdirectories are respected. + set_dir_from "$object" + set_base_from "$object" + + if test "$libtool" = yes; then + # Libtool generates 2 separate objects for the 2 libraries. These + # two compilations output dependencies in $dir.libs/$base.o.d and + # in $dir$base.o.d. We have to check for both files, because + # one of the two compilations can be disabled. We should prefer + # $dir$base.o.d over $dir.libs/$base.o.d because the latter is + # automatically cleaned when .libs/ is deleted, while ignoring + # the former would cause a distcleancheck panic. + tmpdepfile1=$dir$base.o.d # libtool 1.5 + tmpdepfile2=$dir.libs/$base.o.d # Likewise. + tmpdepfile3=$dir.libs/$base.d # Compaq CCC V6.2-504 + "$@" -Wc,-MD + else + tmpdepfile1=$dir$base.d + tmpdepfile2=$dir$base.d + tmpdepfile3=$dir$base.d + "$@" -MD + fi + + stat=$? + if test $stat -ne 0; then + rm -f "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + exit $stat + fi + + for tmpdepfile in "$tmpdepfile1" "$tmpdepfile2" "$tmpdepfile3" + do + test -f "$tmpdepfile" && break + done + # Same post-processing that is required for AIX mode. + aix_post_process_depfile + ;; + +msvc7) + if test "$libtool" = yes; then + showIncludes=-Wc,-showIncludes + else + showIncludes=-showIncludes + fi + "$@" $showIncludes > "$tmpdepfile" + stat=$? + grep -v '^Note: including file: ' "$tmpdepfile" + if test $stat -ne 0; then + rm -f "$tmpdepfile" + exit $stat + fi + rm -f "$depfile" + echo "$object : \\" > "$depfile" + # The first sed program below extracts the file names and escapes + # backslashes for cygpath. The second sed program outputs the file + # name when reading, but also accumulates all include files in the + # hold buffer in order to output them again at the end. This only + # works with sed implementations that can handle large buffers. + sed < "$tmpdepfile" -n ' +/^Note: including file: *\(.*\)/ { + s//\1/ + s/\\/\\\\/g + p +}' | $cygpath_u | sort -u | sed -n ' +s/ /\\ /g +s/\(.*\)/'"$tab"'\1 \\/p +s/.\(.*\) \\/\1:/ +H +$ { + s/.*/'"$tab"'/ + G + p +}' >> "$depfile" + echo >> "$depfile" # make sure the fragment doesn't end with a backslash + rm -f "$tmpdepfile" + ;; + +msvc7msys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +#nosideeffect) + # This comment above is used by automake to tell side-effect + # dependency tracking mechanisms from slower ones. + +dashmstdout) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout, regardless of -o. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + test -z "$dashmflag" && dashmflag=-M + # Require at least two characters before searching for ':' + # in the target name. This is to cope with DOS-style filenames: + # a dependency such as 'c:/foo/bar' could be seen as target 'c' otherwise. + "$@" $dashmflag | + sed "s|^[$tab ]*[^:$tab ][^:][^:]*:[$tab ]*|$object: |" > "$tmpdepfile" + rm -f "$depfile" + cat < "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process this sed invocation + # correctly. Breaking it into two sed invocations is a workaround. + tr ' ' "$nl" < "$tmpdepfile" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +dashXmstdout) + # This case only exists to satisfy depend.m4. It is never actually + # run, as this mode is specially recognized in the preamble. + exit 1 + ;; + +makedepend) + "$@" || exit $? + # Remove any Libtool call + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + # X makedepend + shift + cleared=no eat=no + for arg + do + case $cleared in + no) + set ""; shift + cleared=yes ;; + esac + if test $eat = yes; then + eat=no + continue + fi + case "$arg" in + -D*|-I*) + set fnord "$@" "$arg"; shift ;; + # Strip any option that makedepend may not understand. Remove + # the object too, otherwise makedepend will parse it as a source file. + -arch) + eat=yes ;; + -*|$object) + ;; + *) + set fnord "$@" "$arg"; shift ;; + esac + done + obj_suffix=`echo "$object" | sed 's/^.*\././'` + touch "$tmpdepfile" + ${MAKEDEPEND-makedepend} -o"$obj_suffix" -f"$tmpdepfile" "$@" + rm -f "$depfile" + # makedepend may prepend the VPATH from the source file name to the object. + # No need to regex-escape $object, excess matching of '.' is harmless. + sed "s|^.*\($object *:\)|\1|" "$tmpdepfile" > "$depfile" + # Some versions of the HPUX 10.20 sed can't process the last invocation + # correctly. Breaking it into two sed invocations is a workaround. + sed '1,2d' "$tmpdepfile" \ + | tr ' ' "$nl" \ + | sed -e 's/^\\$//' -e '/^$/d' -e '/:$/d' \ + | sed -e 's/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" "$tmpdepfile".bak + ;; + +cpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + # Remove '-o $object'. + IFS=" " + for arg + do + case $arg in + -o) + shift + ;; + $object) + shift + ;; + *) + set fnord "$@" "$arg" + shift # fnord + shift # $arg + ;; + esac + done + + "$@" -E \ + | sed -n -e '/^# [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + -e '/^#line [0-9][0-9]* "\([^"]*\)".*/ s:: \1 \\:p' \ + | sed '$ s: \\$::' > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + cat < "$tmpdepfile" >> "$depfile" + sed < "$tmpdepfile" '/^$/d;s/^ //;s/ \\$//;s/$/ :/' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvisualcpp) + # Important note: in order to support this mode, a compiler *must* + # always write the preprocessed file to stdout. + "$@" || exit $? + + # Remove the call to Libtool. + if test "$libtool" = yes; then + while test "X$1" != 'X--mode=compile'; do + shift + done + shift + fi + + IFS=" " + for arg + do + case "$arg" in + -o) + shift + ;; + $object) + shift + ;; + "-Gm"|"/Gm"|"-Gi"|"/Gi"|"-ZI"|"/ZI") + set fnord "$@" + shift + shift + ;; + *) + set fnord "$@" "$arg" + shift + shift + ;; + esac + done + "$@" -E 2>/dev/null | + sed -n '/^#line [0-9][0-9]* "\([^"]*\)"/ s::\1:p' | $cygpath_u | sort -u > "$tmpdepfile" + rm -f "$depfile" + echo "$object : \\" > "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::'"$tab"'\1 \\:p' >> "$depfile" + echo "$tab" >> "$depfile" + sed < "$tmpdepfile" -n -e 's% %\\ %g' -e '/^\(.*\)$/ s::\1\::p' >> "$depfile" + rm -f "$tmpdepfile" + ;; + +msvcmsys) + # This case exists only to let depend.m4 do its work. It works by + # looking at the text of this script. This case will never be run, + # since it is checked for above. + exit 1 + ;; + +none) + exec "$@" + ;; + +*) + echo "Unknown depmode $depmode" 1>&2 + exit 1 + ;; +esac + +exit 0 + +# Local Variables: +# mode: shell-script +# sh-indentation: 2 +# eval: (add-hook 'before-save-hook 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC0" +# time-stamp-end: "; # UTC" +# End: diff --git a/devpollmplexer.cc b/devpollmplexer.cc new file mode 100644 index 0000000..37a0d48 --- /dev/null +++ b/devpollmplexer.cc @@ -0,0 +1,216 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif +/* + * NOTE: sys/devpoll.h relies on sigset_t being already defined so we need + * to include sys/signal.h *before* including sys/devpoll.h. + */ +#include +#include +#include "mplexer.hh" +#include "sstuff.hh" +#include +#include +#include "misc.hh" + +#include "namespaces.hh" + +class DevPollFDMultiplexer : public FDMultiplexer +{ +public: + DevPollFDMultiplexer(); + ~DevPollFDMultiplexer() + { + if (d_devpollfd >= 0) { + close(d_devpollfd); + } + } + + int run(struct timeval* tv, int timeout = 500) override; + void getAvailableFDs(std::vector& fds, int timeout) override; + + void addFD(int fd, FDMultiplexer::EventKind kind) override; + void removeFD(int fd, FDMultiplexer::EventKind kind) override; + + string getName() const override + { + return "/dev/poll"; + } + +private: + int d_devpollfd; +}; + +static FDMultiplexer* makeDevPoll() +{ + return new DevPollFDMultiplexer(); +} + +static struct DevPollRegisterOurselves +{ + DevPollRegisterOurselves() + { + FDMultiplexer::getMultiplexerMap().emplace(1, &makeDevPoll); // priority 1, so that /dev/poll is preferred over poll, but not over completion ports! + } +} doItDevPoll; + +DevPollFDMultiplexer::DevPollFDMultiplexer() +{ + d_devpollfd = open("/dev/poll", O_RDWR); + if (d_devpollfd < 0) { + throw FDMultiplexerException("Setting up /dev/poll: " + stringerror()); + } +} + +static int convertEventKind(FDMultiplexer::EventKind kind) +{ + switch (kind) { + case FDMultiplexer::EventKind::Read: + return POLLIN; + case FDMultiplexer::EventKind::Write: + return POLLOUT; + case FDMultiplexer::EventKind::Both: + return POLLIN | POLLOUT; + } + throw std::runtime_error("Unhandled event kind in the /dev/poll multiplexer"); +} + +void DevPollFDMultiplexer::addFD(int fd, FDMultiplexer::EventKind kind) +{ + struct pollfd devent; + devent.fd = fd; + devent.events = convertEventKind(kind); + devent.revents = 0; + + if (write(d_devpollfd, &devent, sizeof(devent)) != sizeof(devent)) { + throw FDMultiplexerException("Adding fd to /dev/poll/ set: " + stringerror()); + } +} + +void DevPollFDMultiplexer::removeFD(int fd, FDMultiplexer::EventKind) +{ + struct pollfd devent; + devent.fd = fd; + devent.events = POLLREMOVE; + devent.revents = 0; + + if (write(d_devpollfd, &devent, sizeof(devent)) != sizeof(devent)) { + throw FDMultiplexerException("Removing fd from epoll set: " + stringerror()); + } +} + +void DevPollFDMultiplexer::getAvailableFDs(std::vector& fds, int timeout) +{ + std::vector pollfds(d_readCallbacks.size() + d_writeCallbacks.size()); + struct dvpoll dvp; + dvp.dp_nfds = d_readCallbacks.size() + d_writeCallbacks.size(); + dvp.dp_fds = pollfds.data(); + dvp.dp_timeout = timeout; + int ret = ioctl(d_devpollfd, DP_POLL, &dvp); + + if (ret < 0 && errno != EINTR) { + throw FDMultiplexerException("/dev/poll returned error: " + stringerror()); + } + + for (int n = 0; n < ret; ++n) { + fds.push_back(pollfds.at(n).fd); + } +} + +int DevPollFDMultiplexer::run(struct timeval* now, int timeout) +{ + if (d_inrun) { + throw FDMultiplexerException("FDMultiplexer::run() is not reentrant!\n"); + } + std::vector fds(d_readCallbacks.size() + d_writeCallbacks.size()); + struct dvpoll dvp; + dvp.dp_nfds = d_readCallbacks.size() + d_writeCallbacks.size(); + dvp.dp_fds = fds.data(); + dvp.dp_timeout = timeout; + int ret = ioctl(d_devpollfd, DP_POLL, &dvp); + int err = errno; + gettimeofday(now, nullptr); // MANDATORY! + + if (ret < 0 && err != EINTR) { + throw FDMultiplexerException("/dev/poll returned error: " + stringerror(err)); + } + + if (ret < 1) { // thanks AB! + return 0; + } + + d_inrun = true; + int count = 0; + for (int n = 0; n < ret; ++n) { + if ((fds.at(n).revents & POLLIN) || (fds.at(n).revents & POLLERR) || (fds.at(n).revents & POLLHUP)) { + const auto& iter = d_readCallbacks.find(fds.at(n).fd); + if (iter != d_readCallbacks.end()) { + iter->d_callback(iter->d_fd, iter->d_parameter); + count++; + } + } + + if ((fds.at(n).revents & POLLOUT) || (fds.at(n).revents & POLLERR)) { + const auto& iter = d_writeCallbacks.find(fds.at(n).fd); + if (iter != d_writeCallbacks.end()) { + iter->d_callback(iter->d_fd, iter->d_parameter); + count++; + } + } + } + + d_inrun = false; + return count; +} + +#if 0 +void acceptData(int fd, funcparam_t& parameter) +{ + cout<<"Have data on fd "<(parameter); + string packet; + IPEndpoint rem; + sock->recvFrom(packet, rem); + cout<<"Received "< +#include +#include +#include +#include "dnsparser.hh" + +std::vector RCode::rcodes_s = boost::assign::list_of + ("No Error") + ("Form Error") + ("Server Failure") + ("Non-Existent domain") + ("Not Implemented") + ("Query Refused") + ("Name Exists when it should not") + ("RR Set Exists when it should not") + ("RR Set that should exist does not") + ("Server Not Authoritative for zone / Not Authorized") + ("Name not contained in zone") + ("Err#11") + ("Err#12") + ("Err#13") + ("Err#14") + ("Err#15") // Last non-extended RCode + ("Bad OPT Version / TSIG Signature Failure") + ("Key not recognized") + ("Signature out of time window") + ("Bad TKEY Mode") + ("Duplicate key name") + ("Algorithm not supported") + ("Bad Truncation") + ("Bad/missing Server Cookie") +; + +std::string RCode::to_s(uint8_t rcode) { + if (rcode > 0xF) + return std::string("ErrOutOfRange"); + return ERCode::to_s(rcode); +} + +std::string ERCode::to_s(uint8_t rcode) { + if (rcode > RCode::rcodes_s.size()-1) + return std::string("Err#")+std::to_string(rcode); + return RCode::rcodes_s[rcode]; +} + +std::string Opcode::to_s(uint8_t opcode) { + static const std::vector s_opcodes = { "Query", "IQuery", "Status", "3", "Notify", "Update" }; + + if (opcode >= s_opcodes.size()) { + return std::to_string(opcode); + } + + return s_opcodes.at(opcode); +} + +// goal is to hash based purely on the question name, and turn error into 'default' +uint32_t hashQuestion(const uint8_t* packet, uint16_t packet_len, uint32_t init) +{ + if (packet_len < sizeof(dnsheader)) { + return init; + } + // C++ 17 does not have std::u8string_view + std::basic_string_view name(packet + sizeof(dnsheader), packet_len - sizeof(dnsheader)); + std::basic_string_view::size_type len = 0; + + while (len < name.length()) { + uint8_t labellen = name[len++]; + if (labellen == 0) { + // len is name.length() at max as it was < before the increment + return burtleCI(name.data(), len, init); + } + len += labellen; + } + // We've encountered a label that is too long + return init; +} + diff --git a/dns.hh b/dns.hh new file mode 100644 index 0000000..a23ad5b --- /dev/null +++ b/dns.hh @@ -0,0 +1,245 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include +#include +#include +#include +#include +#include "qtype.hh" +#include "dnsname.hh" +#include +#include + +#undef BADSIG // signal.h SIG_ERR + +class DNSBackend; +struct DNSRecord; + +struct SOAData +{ + SOAData() : ttl(0), serial(0), refresh(0), retry(0), expire(0), minimum(0), db(0), domain_id(-1) {}; + + DNSName qname; + DNSName nameserver; + DNSName hostmaster; + uint32_t ttl; + uint32_t serial; + uint32_t refresh; + uint32_t retry; + uint32_t expire; + uint32_t minimum; + DNSBackend *db; + int domain_id; + + uint32_t getNegativeTTL() const { return min(ttl, minimum); } +}; + +class RCode +{ +public: + enum rcodes_ { NoError=0, FormErr=1, ServFail=2, NXDomain=3, NotImp=4, Refused=5, YXDomain=6, YXRRSet=7, NXRRSet=8, NotAuth=9, NotZone=10}; + static std::string to_s(uint8_t rcode); + static std::vector rcodes_s; +}; + +class ERCode +{ +public: + enum rcodes_ { BADVERS=16, BADSIG=16, BADKEY=17, BADTIME=18, BADMODE=19, BADNAME=20, BADALG=21, BADTRUNC=22, BADCOOKIE=23 }; + static std::string to_s(uint8_t rcode); +}; + +class Opcode +{ +public: + enum { Query=0, IQuery=1, Status=2, Notify=4, Update=5 }; + static std::string to_s(uint8_t opcode); +}; + +//! This class represents a resource record +class DNSResourceRecord +{ +public: + DNSResourceRecord() : last_modified(0), ttl(0), signttl(0), domain_id(-1), qclass(1), scopeMask(0), auth(1), disabled(0) {}; + static DNSResourceRecord fromWire(const DNSRecord& d); + + enum Place : uint8_t {QUESTION=0, ANSWER=1, AUTHORITY=2, ADDITIONAL=3}; //!< Type describing the positioning within, say, a DNSPacket + + void setContent(const string& content); + string getZoneRepresentation(bool noDot=false) const; + + // data + DNSName qname; //!< the name of this record, for example: www.powerdns.com + DNSName ordername; + DNSName wildcardname; + string content; //!< what this record points to. Example: 10.1.2.3 + + // Aligned on 8-byte boundaries on systems where time_t is 8 bytes and int + // is 4 bytes, aka modern linux on x86_64 + time_t last_modified; //!< For autocalculating SOA serial numbers - the backend needs to fill this in + + uint32_t ttl; //!< Time To Live of this record + uint32_t signttl; //!< If non-zero, use this TTL as original TTL in the RRSIG + + int domain_id; //!< If a backend implements this, the domain_id of the zone this record is in + QType qtype; //!< qtype of this record, ie A, CNAME, MX etc + uint16_t qclass; //!< class of this record + + uint8_t scopeMask; + bool auth; + bool disabled; + + bool operator==(const DNSResourceRecord& rhs); + + bool operator<(const DNSResourceRecord &b) const + { + if(qname < b.qname) + return true; + if(qname == b.qname) + return(content < b.content); + return false; + } +}; + +#define GCCPACKATTRIBUTE __attribute__((packed)) + +struct dnsrecordheader +{ + uint16_t d_type; + uint16_t d_class; + uint32_t d_ttl; + uint16_t d_clen; +} GCCPACKATTRIBUTE; + +struct EDNS0Record +{ + uint8_t extRCode, version; + uint16_t extFlags; +} GCCPACKATTRIBUTE; + +static_assert(sizeof(EDNS0Record) == 4, "EDNS0Record size must be 4"); + +#if defined(__FreeBSD__) || defined(__APPLE__) || defined(__OpenBSD__) || defined(__DragonFly__) || defined(__FreeBSD_kernel__) || defined(__NetBSD__) +#include +#elif __linux__ || __GNU__ +# include + +#else // with thanks to + +# define LITTLE_ENDIAN 1234 /* least-significant byte first (vax, pc) */ +# define BIG_ENDIAN 4321 /* most-significant byte first (IBM, net) */ +# define PDP_ENDIAN 3412 /* LSB first in word, MSW first in long (pdp) */ + +#if defined(vax) || defined(ns32000) || defined(sun386) || defined(i386) || \ + defined(__i386) || defined(__ia64) || defined(__amd64) || \ + defined(MIPSEL) || defined(_MIPSEL) || defined(BIT_ZERO_ON_RIGHT) || \ + defined(__alpha__) || defined(__alpha) || \ + (defined(__Lynx__) && defined(__x86__)) +# define BYTE_ORDER LITTLE_ENDIAN +#endif + +#if defined(sel) || defined(pyr) || defined(mc68000) || defined(sparc) || \ + defined(__sparc) || \ + defined(is68k) || defined(tahoe) || defined(ibm032) || defined(ibm370) || \ + defined(MIPSEB) || defined(_MIPSEB) || defined(_IBMR2) || defined(DGUX) ||\ + defined(apollo) || defined(__convex__) || defined(_CRAY) || \ + defined(__hppa) || defined(__hp9000) || \ + defined(__hp9000s300) || defined(__hp9000s700) || \ + defined(__hp3000s900) || defined(MPE) || \ + defined(BIT_ZERO_ON_LEFT) || defined(m68k) || \ + (defined(__Lynx__) && \ + (defined(__68k__) || defined(__sparc__) || defined(__powerpc__))) +# define BYTE_ORDER BIG_ENDIAN +#endif + +#endif + +struct dnsheader { + unsigned id :16; /* query identification number */ +#if BYTE_ORDER == BIG_ENDIAN + /* fields in third byte */ + unsigned qr: 1; /* response flag */ + unsigned opcode: 4; /* purpose of message */ + unsigned aa: 1; /* authoritative answer */ + unsigned tc: 1; /* truncated message */ + unsigned rd: 1; /* recursion desired */ + /* fields in fourth byte */ + unsigned ra: 1; /* recursion available */ + unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ + unsigned ad: 1; /* authentic data from named */ + unsigned cd: 1; /* checking disabled by resolver */ + unsigned rcode :4; /* response code */ +#elif BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN + /* fields in third byte */ + unsigned rd :1; /* recursion desired */ + unsigned tc :1; /* truncated message */ + unsigned aa :1; /* authoritative answer */ + unsigned opcode :4; /* purpose of message */ + unsigned qr :1; /* response flag */ + /* fields in fourth byte */ + unsigned rcode :4; /* response code */ + unsigned cd: 1; /* checking disabled by resolver */ + unsigned ad: 1; /* authentic data from named */ + unsigned unused :1; /* unused bits (MBZ as of 4.9.3a3) */ + unsigned ra :1; /* recursion available */ +#endif + /* remaining bytes */ + unsigned qdcount :16; /* number of question entries */ + unsigned ancount :16; /* number of answer entries */ + unsigned nscount :16; /* number of authority entries */ + unsigned arcount :16; /* number of resource entries */ +}; + +static_assert(sizeof(dnsheader) == 12, "dnsheader size must be 12"); + +inline uint16_t * getFlagsFromDNSHeader(struct dnsheader * dh) +{ + return (uint16_t*) (((char *) dh) + sizeof(uint16_t)); +} + +#define DNS_TYPE_SIZE (2) +#define DNS_CLASS_SIZE (2) +#define DNS_TTL_SIZE (4) +#define DNS_RDLENGTH_SIZE (2) +#define EDNS_EXTENDED_RCODE_SIZE (1) +#define EDNS_VERSION_SIZE (1) +#define EDNS_OPTION_CODE_SIZE (2) +#define EDNS_OPTION_LENGTH_SIZE (2) + +#if BYTE_ORDER == BIG_ENDIAN +#define FLAGS_RD_OFFSET (8) +#define FLAGS_CD_OFFSET (12) +#elif BYTE_ORDER == LITTLE_ENDIAN || BYTE_ORDER == PDP_ENDIAN +#define FLAGS_RD_OFFSET (0) +#define FLAGS_CD_OFFSET (12) +#endif + +extern time_t s_starttime; + +uint32_t hashQuestion(const uint8_t* packet, uint16_t len, uint32_t init); + +struct TSIGTriplet +{ + DNSName name, algo; + string secret; +}; diff --git a/dnscrypt.cc b/dnscrypt.cc new file mode 100644 index 0000000..74d9182 --- /dev/null +++ b/dnscrypt.cc @@ -0,0 +1,868 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#ifdef HAVE_DNSCRYPT +#include +#include "dolog.hh" +#include "dnscrypt.hh" +#include "dnswriter.hh" + +DNSCryptPrivateKey::DNSCryptPrivateKey() +{ + sodium_memzero(key, sizeof(key)); + sodium_mlock(key, sizeof(key)); +} + +void DNSCryptPrivateKey::loadFromFile(const std::string& keyFile) +{ + ifstream file(keyFile); + sodium_memzero(key, sizeof(key)); + file.read((char*) key, sizeof(key)); + + if (file.fail()) { + sodium_memzero(key, sizeof(key)); + file.close(); + throw std::runtime_error("Invalid DNSCrypt key file " + keyFile); + } + + file.close(); +} + +void DNSCryptPrivateKey::saveToFile(const std::string& keyFile) const +{ + ofstream file(keyFile); + file.write(reinterpret_cast(key), sizeof(key)); + file.close(); +} + +DNSCryptPrivateKey::~DNSCryptPrivateKey() +{ + sodium_munlock(key, sizeof(key)); +} + +DNSCryptExchangeVersion DNSCryptQuery::getVersion() const +{ + if (d_pair == nullptr) { + throw std::runtime_error("Unable to determine the version of a DNSCrypt query if there is not associated cert"); + } + + return DNSCryptContext::getExchangeVersion(d_pair->cert); +} + +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM +DNSCryptQuery::~DNSCryptQuery() +{ + if (d_sharedKeyComputed) { + sodium_munlock(d_sharedKey, sizeof(d_sharedKey)); + } +} + +int DNSCryptQuery::computeSharedKey() +{ + assert(d_pair != nullptr); + + int res = 0; + + if (d_sharedKeyComputed) { + return res; + } + + const DNSCryptExchangeVersion version = DNSCryptContext::getExchangeVersion(d_pair->cert); + + sodium_mlock(d_sharedKey, sizeof(d_sharedKey)); + + if (version == DNSCryptExchangeVersion::VERSION1) { + res = crypto_box_beforenm(d_sharedKey, + d_header.clientPK, + d_pair->privateKey.key); + } + else if (version == DNSCryptExchangeVersion::VERSION2) { +#ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY + res = crypto_box_curve25519xchacha20poly1305_beforenm(d_sharedKey, + d_header.clientPK, + d_pair->privateKey.key); +#else /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + res = -1; +#endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + } + else { + res = -1; + } + + if (res != 0) { + sodium_munlock(d_sharedKey, sizeof(d_sharedKey)); + return res; + } + + d_sharedKeyComputed = true; + return res; +} +#else +DNSCryptQuery::~DNSCryptQuery() +{ +} +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + + +DNSCryptContext::~DNSCryptContext() { +} + +DNSCryptContext::DNSCryptContext(const std::string& pName, const std::vector& certKeys): d_certKeyPaths(certKeys), providerName(pName) +{ + reloadCertificates(); +} + +DNSCryptContext::DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey): providerName(pName) +{ + addNewCertificate(certificate, pKey); +} + +void DNSCryptContext::generateProviderKeys(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE], unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]) +{ + int res = crypto_sign_ed25519_keypair(publicKey, privateKey); + + if (res != 0) { + throw std::runtime_error("Error generating DNSCrypt provider keys"); + } +} + +std::string DNSCryptContext::getProviderFingerprint(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]) +{ + boost::format fmt("%02X%02X"); + ostringstream ret; + + for (size_t idx = 0; idx < DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE; idx += 2) + { + ret << (fmt % static_cast(publicKey[idx]) % static_cast(publicKey[idx+1])); + if (idx < (DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE - 2)) { + ret << ":"; + } + } + + return ret.str(); +} + +void DNSCryptContext::setExchangeVersion(const DNSCryptExchangeVersion& version, unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]) +{ + esVersion[0] = 0x00; + + if (version == DNSCryptExchangeVersion::VERSION1) { + esVersion[1] = { 0x01 }; + } + else if (version == DNSCryptExchangeVersion::VERSION2) { + esVersion[1] = { 0x02 }; + } + else { + throw std::runtime_error("Unknown DNSCrypt exchange version"); + } +} + +DNSCryptExchangeVersion DNSCryptContext::getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]) +{ + if (esVersion[0] != 0x00) { + throw std::runtime_error("Unknown DNSCrypt exchange version"); + } + + if (esVersion[1] == 0x01) { + return DNSCryptExchangeVersion::VERSION1; + } + else if (esVersion[1] == 0x02) { + return DNSCryptExchangeVersion::VERSION2; + } + + throw std::runtime_error("Unknown DNSCrypt exchange version"); +} + +DNSCryptExchangeVersion DNSCryptContext::getExchangeVersion(const DNSCryptCert& cert) +{ + return getExchangeVersion(cert.esVersion); +} + + +void DNSCryptContext::generateCertificate(uint32_t serial, time_t begin, time_t end, const DNSCryptExchangeVersion& version, const unsigned char providerPrivateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE], DNSCryptPrivateKey& privateKey, DNSCryptCert& cert) +{ + unsigned char magic[DNSCRYPT_CERT_MAGIC_SIZE] = DNSCRYPT_CERT_MAGIC_VALUE; + unsigned char protocolMinorVersion[] = DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE; + unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]; + unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]; + setExchangeVersion(version, esVersion); + + generateResolverKeyPair(privateKey, pubK); + + memcpy(cert.magic, magic, sizeof(magic)); + memcpy(cert.esVersion, esVersion, sizeof(esVersion)); + memcpy(cert.protocolMinorVersion, protocolMinorVersion, sizeof(protocolMinorVersion)); + memcpy(cert.signedData.resolverPK, pubK, sizeof(cert.signedData.resolverPK)); + memcpy(cert.signedData.clientMagic, pubK, sizeof(cert.signedData.clientMagic)); + cert.signedData.serial = htonl(serial); + cert.signedData.tsStart = htonl((uint32_t) begin); + cert.signedData.tsEnd = htonl((uint32_t) end); + + unsigned long long signatureSize = 0; + + int res = crypto_sign_ed25519(cert.signature, + &signatureSize, + (unsigned char*) &cert.signedData, + sizeof(cert.signedData), + providerPrivateKey); + + if (res == 0) { + assert(signatureSize == sizeof(DNSCryptCertSignedData) + DNSCRYPT_SIGNATURE_SIZE); + } + else { + throw std::runtime_error("Error generating DNSCrypt certificate"); + } +} + +void DNSCryptContext::loadCertFromFile(const std::string&filename, DNSCryptCert& dest) +{ + ifstream file(filename); + file.read((char *) &dest, sizeof(dest)); + + if (file.fail()) + throw std::runtime_error("Invalid dnscrypt certificate file " + filename); + + file.close(); +} + +void DNSCryptContext::saveCertFromFile(const DNSCryptCert& cert, const std::string&filename) +{ + ofstream file(filename); + file.write(reinterpret_cast(&cert), sizeof(cert)); + file.close(); +} + +void DNSCryptContext::generateResolverKeyPair(DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]) +{ + int res = crypto_box_keypair(pubK, privK.key); + + if (res != 0) { + throw std::runtime_error("Error generating DNSCrypt resolver keys"); + } +} + +void DNSCryptContext::computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char* pubK) +{ + int res = crypto_scalarmult_base(pubK, + privK.key); + + if (res != 0) { + throw std::runtime_error("Error computing dnscrypt public key from the private one"); + } +} + +std::string DNSCryptContext::certificateDateToStr(uint32_t date) +{ + char buf[20]; + time_t tdate = static_cast(ntohl(date)); + struct tm date_tm; + + localtime_r(&tdate, &date_tm); + strftime(buf, sizeof(buf), "%Y-%m-%d %H:%M:%S", &date_tm); + + return string(buf); +} + +void DNSCryptContext::addNewCertificate(std::shared_ptr& newCert, bool reload) +{ + auto certs = d_certs.write_lock(); + + for (auto pair : *certs) { + if (pair->cert.getSerial() == newCert->cert.getSerial()) { + if (reload) { + /* on reload we just assume that this is the same certificate */ + return; + } + else { + throw std::runtime_error("Error adding a new certificate: we already have a certificate with the same serial"); + } + } + } + + certs->push_back(newCert); +} + +void DNSCryptContext::addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active, bool reload) +{ + auto pair = std::make_shared(); + pair->cert = newCert; + pair->privateKey = newKey; + computePublicKeyFromPrivate(pair->privateKey, pair->publicKey); + pair->active = active; + + addNewCertificate(pair, reload); +} + +std::shared_ptr DNSCryptContext::loadCertificatePair(const std::string& certFile, const std::string& keyFile) +{ + auto pair = std::make_shared(); + loadCertFromFile(certFile, pair->cert); + pair->privateKey.loadFromFile(keyFile); + pair->active = true; + computePublicKeyFromPrivate(pair->privateKey, pair->publicKey); + return pair; +} + +void DNSCryptContext::loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active, bool reload) +{ + auto newPair = DNSCryptContext::loadCertificatePair(certFile, keyFile); + newPair->active = active; + addNewCertificate(newPair, reload); + d_certKeyPaths.write_lock()->push_back({certFile, keyFile}); +} + +void DNSCryptContext::reloadCertificates() +{ + std::vector> newCerts; + { + auto paths = d_certKeyPaths.read_lock(); + newCerts.reserve(paths->size()); + for (const auto& pair : *paths) { + newCerts.push_back(DNSCryptContext::loadCertificatePair(pair.cert, pair.key)); + } + } + + { + *(d_certs.write_lock()) = std::move(newCerts); + } +} + +std::vector> DNSCryptContext::getCertificates() { + std::vector> ret = *(d_certs.read_lock()); + return ret; +}; + +void DNSCryptContext::markActive(uint32_t serial) +{ + for (auto pair : *d_certs.write_lock()) { + if (pair->active == false && pair->cert.getSerial() == serial) { + pair->active = true; + return; + } + } + throw std::runtime_error("No inactive certificate found with this serial"); +} + +void DNSCryptContext::markInactive(uint32_t serial) +{ + for (auto pair : *d_certs.write_lock()) { + if (pair->active == true && pair->cert.getSerial() == serial) { + pair->active = false; + return; + } + } + throw std::runtime_error("No active certificate found with this serial"); +} + +void DNSCryptContext::removeInactiveCertificate(uint32_t serial) +{ + auto certs = d_certs.write_lock(); + + for (auto it = certs->begin(); it != certs->end(); ) { + if ((*it)->active == false && (*it)->cert.getSerial() == serial) { + it = certs->erase(it); + return; + } else { + it++; + } + } + throw std::runtime_error("No inactive certificate found with this serial"); +} + +bool DNSCryptQuery::parsePlaintextQuery(const PacketBuffer& packet) +{ + assert(d_ctx != nullptr); + + if (packet.size() < sizeof(dnsheader)) { + return false; + } + + const struct dnsheader * dh = reinterpret_cast(packet.data()); + if (dh->qr || ntohs(dh->qdcount) != 1 || dh->ancount != 0 || dh->nscount != 0 || dh->opcode != Opcode::Query) + return false; + + unsigned int qnameWireLength; + uint16_t qtype, qclass; + DNSName qname(reinterpret_cast(packet.data()), packet.size(), sizeof(dnsheader), false, &qtype, &qclass, &qnameWireLength); + if ((packet.size() - sizeof(dnsheader)) < (qnameWireLength + sizeof(qtype) + sizeof(qclass))) { + return false; + } + + if (qtype != QType::TXT || qclass != QClass::IN) { + return false; + } + + if (qname != d_ctx->getProviderName()) { + return false; + } + + d_qname = qname; + d_id = dh->id; + d_valid = true; + + return true; +} + +void DNSCryptContext::getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response) +{ + GenericDNSPacketWriter pw(response, qname, QType::TXT, QClass::IN, Opcode::Query); + struct dnsheader * dh = pw.getHeader(); + dh->id = qid; + dh->qr = true; + dh->rcode = RCode::NoError; + + auto certs = d_certs.read_lock(); + for (const auto& pair : *certs) { + if (!pair->active || !pair->cert.isValid(now)) { + continue; + } + + pw.startRecord(qname, QType::TXT, (DNSCRYPT_CERTIFICATE_RESPONSE_TTL), QClass::IN, DNSResourceRecord::ANSWER, true); + std::string scert; + uint8_t certSize = sizeof(pair->cert); + scert.assign((const char*) &certSize, sizeof(certSize)); + scert.append((const char*) &pair->cert, certSize); + + pw.xfrBlob(scert); + pw.commit(); + } +} + +bool DNSCryptContext::magicMatchesAPublicKey(DNSCryptQuery& query, time_t now) +{ + const unsigned char* magic = query.getClientMagic(); + + auto certs = d_certs.read_lock(); + for (const auto& pair : *certs) { + if (pair->cert.isValid(now) && memcmp(magic, pair->cert.signedData.clientMagic, DNSCRYPT_CLIENT_MAGIC_SIZE) == 0) { + query.setCertificatePair(pair); + return true; + } + } + + return false; +} + +bool DNSCryptQuery::isEncryptedQuery(const PacketBuffer& packet, bool tcp, time_t now) +{ + assert(d_ctx != nullptr); + + d_encrypted = false; + + if (packet.size() < sizeof(DNSCryptQueryHeader)) { + return false; + } + + if (!tcp && packet.size() < DNSCryptQuery::s_minUDPLength) { + return false; + } + + const struct DNSCryptQueryHeader* header = reinterpret_cast(packet.data()); + + d_header = *header; + + if (!d_ctx->magicMatchesAPublicKey(*this, now)) { + return false; + } + + d_encrypted = true; + + return true; +} + +void DNSCryptQuery::getDecrypted(bool tcp, PacketBuffer& packet) +{ + assert(d_encrypted); + assert(d_pair != nullptr); + assert(d_valid == false); + +#ifdef DNSCRYPT_STRICT_PADDING_LENGTH + if (tcp && ((packet.size() - sizeof(DNSCryptQueryHeader)) % DNSCRYPT_PADDED_BLOCK_SIZE) != 0) { + vinfolog("Dropping encrypted query with invalid size of %d (should be a multiple of %d)", (packet.size() - sizeof(DNSCryptQueryHeader)), DNSCRYPT_PADDED_BLOCK_SIZE); + return; + } +#endif + + unsigned char nonce[DNSCRYPT_NONCE_SIZE]; + static_assert(sizeof(nonce) == (2* sizeof(d_header.clientNonce)), "Nonce should be larger than clientNonce (half)"); + static_assert(sizeof(d_header.clientPK) == DNSCRYPT_PUBLIC_KEY_SIZE, "Client Public key size is not right"); + static_assert(sizeof(d_pair->privateKey.key) == DNSCRYPT_PRIVATE_KEY_SIZE, "Private key size is not right"); + + memcpy(nonce, &d_header.clientNonce, sizeof(d_header.clientNonce)); + memset(nonce + sizeof(d_header.clientNonce), 0, sizeof(nonce) - sizeof(d_header.clientNonce)); + +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + int res = computeSharedKey(); + if (res != 0) { + vinfolog("Dropping encrypted query we can't compute the shared key for"); + return; + } + + const DNSCryptExchangeVersion version = getVersion(); + + if (version == DNSCryptExchangeVersion::VERSION1) { + res = crypto_box_open_easy_afternm(reinterpret_cast(packet.data()), + reinterpret_cast(&packet.at(sizeof(DNSCryptQueryHeader))), + packet.size() - sizeof(DNSCryptQueryHeader), + nonce, + d_sharedKey); + } + else if (version == DNSCryptExchangeVersion::VERSION2) { +#ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY + res = crypto_box_curve25519xchacha20poly1305_open_easy_afternm(reinterpret_cast(packet.data()), + reinterpret_cast(&packet.at(sizeof(DNSCryptQueryHeader))), + packet.size() - sizeof(DNSCryptQueryHeader), + nonce, + d_sharedKey); +#else /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + res = -1; +#endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + } else { + res = -1; + } + +#else /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + int res = crypto_box_open_easy(reinterpret_cast(packet.data()), + reinterpret_cast(&packet.at(sizeof(DNSCryptQueryHeader))), + packet.size() - sizeof(DNSCryptQueryHeader), + nonce, + d_header.clientPK, + d_pair->privateKey.key); +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + + if (res != 0) { + vinfolog("Dropping encrypted query we can't decrypt"); + return; + } + + uint16_t decryptedQueryLen = packet.size() - sizeof(DNSCryptQueryHeader) - DNSCRYPT_MAC_SIZE; + uint16_t pos = decryptedQueryLen; + assert(pos < packet.size()); + d_paddedLen = decryptedQueryLen; + + while (pos > 0 && packet.at(pos - 1) == 0) pos--; + + if (pos == 0 || packet.at(pos - 1) != 0x80) { + vinfolog("Dropping encrypted query with invalid padding value"); + return; + } + + pos--; + + size_t paddingLen = decryptedQueryLen - pos; + packet.resize(pos); + + if (tcp && paddingLen > DNSCRYPT_MAX_TCP_PADDING_SIZE) { + vinfolog("Dropping encrypted query with too long padding size"); + return; + } + + d_len = pos; + d_valid = true; +} + +void DNSCryptQuery::getCertificateResponse(time_t now, PacketBuffer& response) const +{ + assert(d_ctx != nullptr); + d_ctx->getCertificateResponse(now, d_qname, d_id, response); +} + +void DNSCryptQuery::parsePacket(PacketBuffer& packet, bool tcp, time_t now) +{ + d_valid = false; + + /* might be a plaintext certificate request or an authenticated request */ + if (isEncryptedQuery(packet, tcp, now)) { + getDecrypted(tcp, packet); + } + else { + parsePlaintextQuery(packet); + } +} + +void DNSCryptQuery::fillServerNonce(unsigned char* nonce) const +{ + uint32_t* dest = reinterpret_cast(nonce); + static const size_t nonceSize = DNSCRYPT_NONCE_SIZE / 2; + + for (size_t pos = 0; pos < (nonceSize / sizeof(*dest)); pos++) + { + const uint32_t value = randombytes_random(); + memcpy(dest + pos, &value, sizeof(value)); + } +} + +/* + "The length of must be between 0 and 256 bytes, + and must be constant for a given (, ) tuple." +*/ +uint16_t DNSCryptQuery::computePaddingSize(uint16_t unpaddedLen, size_t maxLen) const +{ + size_t paddedSize = 0; + uint16_t result = 0; + uint32_t rnd = 0; + assert(d_header.clientNonce); + assert(d_pair != nullptr); + + unsigned char nonce[DNSCRYPT_NONCE_SIZE]; + memcpy(nonce, d_header.clientNonce, (DNSCRYPT_NONCE_SIZE / 2)); + memcpy(&(nonce[DNSCRYPT_NONCE_SIZE / 2]), d_header.clientNonce, (DNSCRYPT_NONCE_SIZE / 2)); + crypto_stream((unsigned char*) &rnd, sizeof(rnd), nonce, d_pair->privateKey.key); + + paddedSize = unpaddedLen + rnd % (maxLen - unpaddedLen + 1); + paddedSize += DNSCRYPT_PADDED_BLOCK_SIZE - (paddedSize % DNSCRYPT_PADDED_BLOCK_SIZE); + + if (paddedSize > maxLen) + paddedSize = maxLen; + + result = paddedSize - unpaddedLen; + + return result; +} + +int DNSCryptQuery::encryptResponse(PacketBuffer& response, size_t maxResponseSize, bool tcp) +{ + struct DNSCryptResponseHeader responseHeader; + assert(response.size() > 0); + assert(maxResponseSize >= response.size()); + assert(d_encrypted == true); + assert(d_pair != nullptr); + + /* a DNSCrypt UDP response can't be larger than the (padded) DNSCrypt query */ + if (!tcp && d_paddedLen < response.size()) { + /* so we need to truncate it */ + size_t questionSize = 0; + + if (response.size() > sizeof(dnsheader)) { + unsigned int qnameWireLength = 0; + DNSName tempQName(reinterpret_cast(response.data()), response.size(), sizeof(dnsheader), false, 0, 0, &qnameWireLength); + if (qnameWireLength > 0) { + questionSize = qnameWireLength + DNS_TYPE_SIZE + DNS_CLASS_SIZE; + } + } + + response.resize(sizeof(dnsheader) + questionSize); + + if (response.size() > d_paddedLen) { + /* that does not seem right but let's truncate even more */ + response.resize(d_paddedLen); + } + struct dnsheader* dh = reinterpret_cast(response.data()); + dh->ancount = dh->arcount = dh->nscount = 0; + dh->tc = 1; + } + + size_t requiredSize = sizeof(responseHeader) + DNSCRYPT_MAC_SIZE + response.size(); + size_t maxSize = std::min(maxResponseSize, requiredSize + DNSCRYPT_MAX_RESPONSE_PADDING_SIZE); + uint16_t paddingSize = computePaddingSize(requiredSize, maxSize); + requiredSize += paddingSize; + + if (requiredSize > maxResponseSize) { + return ENOBUFS; + } + + memcpy(&responseHeader.nonce, &d_header.clientNonce, sizeof d_header.clientNonce); + fillServerNonce(&(responseHeader.nonce[sizeof(d_header.clientNonce)])); + + size_t responseLen = response.size(); + /* moving the existing response after the header + MAC */ + response.resize(requiredSize); + std::copy_backward(response.begin(), response.begin() + responseLen, response.begin() + responseLen + sizeof(responseHeader) + DNSCRYPT_MAC_SIZE); + + uint16_t pos = 0; + /* copying header */ + memcpy(&response.at(pos), &responseHeader, sizeof(responseHeader)); + pos += sizeof(responseHeader); + /* setting MAC bytes to 0 */ + memset(&response.at(pos), 0, DNSCRYPT_MAC_SIZE); + pos += DNSCRYPT_MAC_SIZE; + uint16_t toEncryptPos = pos; + /* skipping response */ + pos += responseLen; + /* padding */ + response.at(pos) = static_cast(0x80); + pos++; + memset(&response.at(pos), 0, paddingSize - 1); + pos += (paddingSize - 1); + + /* encrypting */ +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + int res = computeSharedKey(); + if (res != 0) { + return res; + } + + const DNSCryptExchangeVersion version = getVersion(); + + if (version == DNSCryptExchangeVersion::VERSION1) { + res = crypto_box_easy_afternm(reinterpret_cast(&response.at(sizeof(responseHeader))), + reinterpret_cast(&response.at(toEncryptPos)), + responseLen + paddingSize, + responseHeader.nonce, + d_sharedKey); + } + else if (version == DNSCryptExchangeVersion::VERSION2) { +#ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY + res = crypto_box_curve25519xchacha20poly1305_easy_afternm(reinterpret_cast(&response.at(sizeof(responseHeader))), + reinterpret_cast(&response.at(toEncryptPos)), + responseLen + paddingSize, + responseHeader.nonce, + d_sharedKey); +#else /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + res = -1; +#endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + } + else { + res = -1; + } +#else + int res = crypto_box_easy(reinterpret_cast(&response.at(sizeof(responseHeader))), + reinterpret_cast(&response.at(toEncryptPos)), + responseLen + paddingSize, + responseHeader.nonce, + d_header.clientPK, + d_pair->privateKey.key); +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + + if (res == 0) { + assert(pos == requiredSize); + } + + return res; +} + +int DNSCryptContext::encryptQuery(PacketBuffer& packet, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr& cert) const +{ + assert(packet.size() > 0); + assert(cert != nullptr); + + size_t queryLen = packet.size(); + unsigned char nonce[DNSCRYPT_NONCE_SIZE]; + size_t requiredSize = sizeof(DNSCryptQueryHeader) + DNSCRYPT_MAC_SIZE + queryLen; + /* this is not optimal, we should compute a random padding size, multiple of DNSCRYPT_PADDED_BLOCK_SIZE, + DNSCRYPT_PADDED_BLOCK_SIZE <= padding size <= 4096? */ + uint16_t paddingSize = DNSCRYPT_PADDED_BLOCK_SIZE - (queryLen % DNSCRYPT_PADDED_BLOCK_SIZE); + requiredSize += paddingSize; + + if (!tcp && requiredSize < DNSCryptQuery::s_minUDPLength) { + paddingSize += (DNSCryptQuery::s_minUDPLength - requiredSize); + requiredSize = DNSCryptQuery::s_minUDPLength; + } + + if (requiredSize > maximumSize) { + return ENOBUFS; + } + + /* moving the existing query after the header + MAC */ + packet.resize(requiredSize); + std::copy_backward(packet.begin(), packet.begin() + queryLen, packet.begin() + queryLen + sizeof(DNSCryptQueryHeader) + DNSCRYPT_MAC_SIZE); + + size_t pos = 0; + /* client magic */ + memcpy(&packet.at(pos), cert->signedData.clientMagic, sizeof(cert->signedData.clientMagic)); + pos += sizeof(cert->signedData.clientMagic); + + /* client PK */ + memcpy(&packet.at(pos), clientPublicKey, DNSCRYPT_PUBLIC_KEY_SIZE); + pos += DNSCRYPT_PUBLIC_KEY_SIZE; + + /* client nonce */ + memcpy(&packet.at(pos), clientNonce, DNSCRYPT_NONCE_SIZE / 2); + pos += DNSCRYPT_NONCE_SIZE / 2; + size_t encryptedPos = pos; + + /* clear the MAC bytes */ + memset(&packet.at(pos), 0, DNSCRYPT_MAC_SIZE); + pos += DNSCRYPT_MAC_SIZE; + + /* skipping data */ + pos += queryLen; + + /* padding */ + packet.at(pos) = static_cast(0x80); + pos++; + memset(&packet.at(pos), 0, paddingSize - 1); + pos += paddingSize - 1; + + memcpy(nonce, clientNonce, DNSCRYPT_NONCE_SIZE / 2); + memset(nonce + (DNSCRYPT_NONCE_SIZE / 2), 0, DNSCRYPT_NONCE_SIZE / 2); + + const DNSCryptExchangeVersion version = getExchangeVersion(*cert); + int res = -1; + + if (version == DNSCryptExchangeVersion::VERSION1) { + res = crypto_box_easy(reinterpret_cast(&packet.at(encryptedPos)), + reinterpret_cast(&packet.at(encryptedPos + DNSCRYPT_MAC_SIZE)), + queryLen + paddingSize, + nonce, + cert->signedData.resolverPK, + clientPrivateKey.key); + } + else if (version == DNSCryptExchangeVersion::VERSION2) { +#ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY + res = crypto_box_curve25519xchacha20poly1305_easy(reinterpret_cast(&packet.at(encryptedPos)), + reinterpret_cast(&packet.at(encryptedPos + DNSCRYPT_MAC_SIZE)), + queryLen + paddingSize, + nonce, + cert->signedData.resolverPK, + clientPrivateKey.key); +#endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + } + else { + throw std::runtime_error("Unknown DNSCrypt exchange version"); + } + + if (res == 0) { + assert(pos == requiredSize); + } + + return res; +} + +bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut) +{ + bool success = false; + unsigned char providerPrivateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]; + sodium_mlock(providerPrivateKey, sizeof(providerPrivateKey)); + sodium_memzero(providerPrivateKey, sizeof(providerPrivateKey)); + + try { + ifstream providerKStream(providerPrivateKeyFile); + providerKStream.read((char*) providerPrivateKey, sizeof(providerPrivateKey)); + if (providerKStream.fail()) { + providerKStream.close(); + throw std::runtime_error("Invalid DNSCrypt provider key file " + providerPrivateKeyFile); + } + + DNSCryptContext::generateCertificate(serial, begin, end, version, providerPrivateKey, keyOut, certOut); + success = true; + } + catch(const std::exception& e) { + errlog(e.what()); + } + + sodium_memzero(providerPrivateKey, sizeof(providerPrivateKey)); + sodium_munlock(providerPrivateKey, sizeof(providerPrivateKey)); + return success; +} + +#endif diff --git a/dnscrypt.hh b/dnscrypt.hh new file mode 100644 index 0000000..ff4d94c --- /dev/null +++ b/dnscrypt.hh @@ -0,0 +1,302 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include "config.h" + +#ifndef HAVE_DNSCRYPT + +/* let's just define a few types and values so that the rest of + the code can ignore whether DNSCrypt support is available */ +#define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (0) + +class DNSCryptContext +{ +}; + +class DNSCryptQuery +{ + DNSCryptQuery(const std::shared_ptr& ctx): d_ctx(ctx) + { + } +private: + std::shared_ptr d_ctx{nullptr}; +}; + +#else /* HAVE_DNSCRYPT */ + +#include +#include +#include +#include + +#include + +#include "dnsname.hh" +#include "lock.hh" +#include "noinitvector.hh" + +#define DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE (crypto_sign_ed25519_PUBLICKEYBYTES) +#define DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE (crypto_sign_ed25519_SECRETKEYBYTES) +#define DNSCRYPT_SIGNATURE_SIZE (crypto_sign_ed25519_BYTES) + +#define DNSCRYPT_PUBLIC_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES) +#define DNSCRYPT_PRIVATE_KEY_SIZE (crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES) +#define DNSCRYPT_NONCE_SIZE (crypto_box_curve25519xsalsa20poly1305_NONCEBYTES) +#define DNSCRYPT_BEFORENM_SIZE (crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES) +#define DNSCRYPT_MAC_SIZE (crypto_box_curve25519xsalsa20poly1305_MACBYTES) + +#ifdef HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY +static_assert(crypto_box_curve25519xsalsa20poly1305_PUBLICKEYBYTES == crypto_box_curve25519xchacha20poly1305_PUBLICKEYBYTES, "DNSCrypt public key size should be the same for all exchange versions"); +static_assert(crypto_box_curve25519xsalsa20poly1305_SECRETKEYBYTES == crypto_box_curve25519xchacha20poly1305_SECRETKEYBYTES, "DNSCrypt private key size should be the same for all exchange versions"); +static_assert(crypto_box_curve25519xchacha20poly1305_NONCEBYTES == crypto_box_curve25519xsalsa20poly1305_NONCEBYTES, "DNSCrypt nonce size should be the same for all exchange versions"); +static_assert(crypto_box_curve25519xsalsa20poly1305_MACBYTES == crypto_box_curve25519xchacha20poly1305_MACBYTES, "DNSCrypt MAC size should be the same for all exchange versions"); +static_assert(crypto_box_curve25519xchacha20poly1305_BEFORENMBYTES == crypto_box_curve25519xsalsa20poly1305_BEFORENMBYTES, "DNSCrypt BEFORENM size should be the same for all exchange versions"); +#endif /* HAVE_CRYPTO_BOX_CURVE25519XCHACHA20POLY1305_EASY */ + +#define DNSCRYPT_CERT_MAGIC_SIZE (4) +#define DNSCRYPT_CERT_MAGIC_VALUE { 0x44, 0x4e, 0x53, 0x43 } +#define DNSCRYPT_CERT_PROTOCOL_MINOR_VERSION_VALUE { 0x00, 0x00 } +#define DNSCRYPT_CLIENT_MAGIC_SIZE (8) +#define DNSCRYPT_RESOLVER_MAGIC { 0x72, 0x36, 0x66, 0x6e, 0x76, 0x57, 0x6a, 0x38 } +#define DNSCRYPT_RESOLVER_MAGIC_SIZE (8) +#define DNSCRYPT_PADDED_BLOCK_SIZE (64) +#define DNSCRYPT_MAX_TCP_PADDING_SIZE (256) +#define DNSCRYPT_MAX_RESPONSE_PADDING_SIZE (256) +#define DNSCRYPT_MAX_RESPONSE_PADDING_AND_MAC_SIZE (DNSCRYPT_MAX_RESPONSE_PADDING_SIZE + DNSCRYPT_MAC_SIZE) + +/* "The client must check for new certificates every hour", so let's use one hour TTL */ +#define DNSCRYPT_CERTIFICATE_RESPONSE_TTL (3600) + +static_assert(DNSCRYPT_CLIENT_MAGIC_SIZE <= DNSCRYPT_PUBLIC_KEY_SIZE, "DNSCrypt Client Nonce size should be smaller or equal to public key size."); + +#define DNSCRYPT_CERT_ES_VERSION1_VALUE { 0x00, 0x01 } +#define DNSCRYPT_CERT_ES_VERSION2_VALUE { 0x00, 0x02 } + +class DNSCryptContext; + +struct DNSCryptCertSignedData +{ + unsigned char resolverPK[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]; + unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE]; + uint32_t serial; + uint32_t tsStart; + uint32_t tsEnd; +}; + +class DNSCryptCert +{ +public: + uint32_t getSerial() const + { + return ntohl(signedData.serial); + } + uint32_t getTSStart() const + { + return signedData.tsStart; + } + uint32_t getTSEnd() const + { + return signedData.tsEnd; + } + bool isValid(time_t now) const + { + return ntohl(getTSStart()) <= static_cast(now) && static_cast(now) <= ntohl(getTSEnd()); + } + unsigned char magic[DNSCRYPT_CERT_MAGIC_SIZE]; + unsigned char esVersion[2]; + unsigned char protocolMinorVersion[2]; + unsigned char signature[DNSCRYPT_SIGNATURE_SIZE]; + struct DNSCryptCertSignedData signedData; +}; + +static_assert((sizeof(DNSCryptCertSignedData) + DNSCRYPT_SIGNATURE_SIZE) == 116, "Dnscrypt cert signed data size + signature size should be 116!"); +static_assert(sizeof(DNSCryptCert) == 124, "Dnscrypt cert size should be 124!"); + +struct DNSCryptQueryHeader +{ + unsigned char clientMagic[DNSCRYPT_CLIENT_MAGIC_SIZE]; + unsigned char clientPK[DNSCRYPT_PUBLIC_KEY_SIZE]; + unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2]; +}; + +static_assert(sizeof(DNSCryptQueryHeader) == 52, "Dnscrypt query header size should be 52!"); + +struct DNSCryptResponseHeader +{ + const unsigned char resolverMagic[DNSCRYPT_RESOLVER_MAGIC_SIZE] = DNSCRYPT_RESOLVER_MAGIC; + unsigned char nonce[DNSCRYPT_NONCE_SIZE]; +}; + +typedef enum { + VERSION1, + VERSION2 +} DNSCryptExchangeVersion; + +class DNSCryptPrivateKey +{ +public: + DNSCryptPrivateKey(); + ~DNSCryptPrivateKey(); + void loadFromFile(const std::string& keyFile); + void saveToFile(const std::string& keyFile) const; + + unsigned char key[DNSCRYPT_PRIVATE_KEY_SIZE]; +}; + +struct DNSCryptCertificatePair +{ + unsigned char publicKey[DNSCRYPT_PUBLIC_KEY_SIZE]; + DNSCryptCert cert; + DNSCryptPrivateKey privateKey; + bool active; +}; + +class DNSCryptQuery +{ +public: + DNSCryptQuery(const std::shared_ptr& ctx): d_ctx(ctx) + { + memset(&d_header, 0, sizeof(d_header)); +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + memset(&d_sharedKey, 0, sizeof(d_sharedKey)); +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + } + + ~DNSCryptQuery(); + + bool isValid() const + { + return d_valid; + } + + const DNSName& getQName() const + { + return d_qname; + } + + uint16_t getID() const + { + return d_id; + } + + const unsigned char* getClientMagic() const + { + return d_header.clientMagic; + } + + bool isEncrypted() const + { + return d_encrypted; + } + + void setCertificatePair(const std::shared_ptr& pair) + { + d_pair = pair; + } + + void parsePacket(PacketBuffer& packet, bool tcp, time_t now); + void getDecrypted(bool tcp, PacketBuffer& packet); + void getCertificateResponse(time_t now, PacketBuffer& response) const; + int encryptResponse(PacketBuffer& response, size_t maxResponseSize, bool tcp); + + static const size_t s_minUDPLength = 256; + +private: + DNSCryptExchangeVersion getVersion() const; +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + int computeSharedKey(); +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + void fillServerNonce(unsigned char* dest) const; + uint16_t computePaddingSize(uint16_t unpaddedLen, size_t maxLen) const; + bool parsePlaintextQuery(const PacketBuffer& packet); + bool isEncryptedQuery(const PacketBuffer& packet, bool tcp, time_t now); + + DNSCryptQueryHeader d_header; +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + unsigned char d_sharedKey[crypto_box_BEFORENMBYTES]; +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ + DNSName d_qname; + std::shared_ptr d_ctx{nullptr}; + std::shared_ptr d_pair{nullptr}; + uint16_t d_id{0}; + uint16_t d_len{0}; + uint16_t d_paddedLen{0}; + bool d_encrypted{false}; + bool d_valid{false}; + +#ifdef HAVE_CRYPTO_BOX_EASY_AFTERNM + bool d_sharedKeyComputed{false}; +#endif /* HAVE_CRYPTO_BOX_EASY_AFTERNM */ +}; + +class DNSCryptContext +{ +public: + static void generateProviderKeys(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE], unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]); + static std::string getProviderFingerprint(unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]); + static void generateCertificate(uint32_t serial, time_t begin, time_t end, const DNSCryptExchangeVersion& version, const unsigned char providerPrivateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE], DNSCryptPrivateKey& privateKey, DNSCryptCert& cert); + static void saveCertFromFile(const DNSCryptCert& cert, const std::string&filename); + static std::string certificateDateToStr(uint32_t date); + static void generateResolverKeyPair(DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]); + static void setExchangeVersion(const DNSCryptExchangeVersion& version, unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]); + static DNSCryptExchangeVersion getExchangeVersion(const unsigned char esVersion[sizeof(DNSCryptCert::esVersion)]); + static DNSCryptExchangeVersion getExchangeVersion(const DNSCryptCert& cert); + + struct CertKeyPaths + { + std::string cert; + std::string key; + }; + + DNSCryptContext(const std::string& pName, const std::vector& certKeys); + DNSCryptContext(const std::string& pName, const DNSCryptCert& certificate, const DNSCryptPrivateKey& pKey); + ~DNSCryptContext(); + + void reloadCertificates(); + void loadNewCertificate(const std::string& certFile, const std::string& keyFile, bool active=true, bool reload=false); + void addNewCertificate(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, bool active=true, bool reload=false); + + void markActive(uint32_t serial); + void markInactive(uint32_t serial); + void removeInactiveCertificate(uint32_t serial); + std::vector> getCertificates(); + const DNSName& getProviderName() const { return providerName; } + + int encryptQuery(PacketBuffer& query, size_t maximumSize, const unsigned char clientPublicKey[DNSCRYPT_PUBLIC_KEY_SIZE], const DNSCryptPrivateKey& clientPrivateKey, const unsigned char clientNonce[DNSCRYPT_NONCE_SIZE / 2], bool tcp, const std::shared_ptr& cert) const; + bool magicMatchesAPublicKey(DNSCryptQuery& query, time_t now); + void getCertificateResponse(time_t now, const DNSName& qname, uint16_t qid, PacketBuffer& response); + +private: + static void computePublicKeyFromPrivate(const DNSCryptPrivateKey& privK, unsigned char pubK[DNSCRYPT_PUBLIC_KEY_SIZE]); + static void loadCertFromFile(const std::string&filename, DNSCryptCert& dest); + static std::shared_ptr loadCertificatePair(const std::string& certFile, const std::string& keyFile); + + void addNewCertificate(std::shared_ptr& newCert, bool reload=false); + + SharedLockGuarded>> d_certs; + SharedLockGuarded> d_certKeyPaths; + DNSName providerName; +}; + +bool generateDNSCryptCertificate(const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, DNSCryptExchangeVersion version, DNSCryptCert& certOut, DNSCryptPrivateKey& keyOut); + +#endif diff --git a/dnsdist-backend.cc b/dnsdist-backend.cc new file mode 100644 index 0000000..2af756f --- /dev/null +++ b/dnsdist-backend.cc @@ -0,0 +1,291 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist.hh" +#include "dnsdist-nghttp2.hh" +#include "dnsdist-tcp.hh" +#include "dolog.hh" + + +bool DownstreamState::passCrossProtocolQuery(std::unique_ptr&& cpq) +{ + if (d_dohPath.empty()) { + return g_tcpclientthreads && g_tcpclientthreads->passCrossProtocolQueryToThread(std::move(cpq)); + } + else { + return g_dohClientThreads && g_dohClientThreads->passCrossProtocolQueryToThread(std::move(cpq)); + } +} + +bool DownstreamState::reconnect() +{ + std::unique_lock tl(connectLock, std::try_to_lock); + if (!tl.owns_lock() || isStopped()) { + /* we are already reconnecting or stopped anyway */ + return false; + } + + connected = false; + for (auto& fd : sockets) { + if (fd != -1) { + if (sockets.size() > 1) { + (*mplexer.lock())->removeReadFD(fd); + } + /* shutdown() is needed to wake up recv() in the responderThread */ + shutdown(fd, SHUT_RDWR); + close(fd); + fd = -1; + } + if (!IsAnyAddress(remote)) { + fd = SSocket(remote.sin4.sin_family, SOCK_DGRAM, 0); + if (!IsAnyAddress(sourceAddr)) { + SSetsockopt(fd, SOL_SOCKET, SO_REUSEADDR, 1); + if (!sourceItfName.empty()) { +#ifdef SO_BINDTODEVICE + int res = setsockopt(fd, SOL_SOCKET, SO_BINDTODEVICE, sourceItfName.c_str(), sourceItfName.length()); + if (res != 0) { + infolog("Error setting up the interface on backend socket '%s': %s", remote.toStringWithPort(), stringerror()); + } +#endif + } + + SBind(fd, sourceAddr); + } + try { + SConnect(fd, remote); + if (sockets.size() > 1) { + (*mplexer.lock())->addReadFD(fd, [](int, boost::any) {}); + } + connected = true; + } + catch(const std::runtime_error& error) { + infolog("Error connecting to new server with address %s: %s", remote.toStringWithPort(), error.what()); + connected = false; + break; + } + } + } + + /* if at least one (re-)connection failed, close all sockets */ + if (!connected) { + for (auto& fd : sockets) { + if (fd != -1) { + if (sockets.size() > 1) { + try { + (*mplexer.lock())->removeReadFD(fd); + } + catch (const FDMultiplexerException& e) { + /* some sockets might not have been added to the multiplexer + yet, that's fine */ + } + } + /* shutdown() is needed to wake up recv() in the responderThread */ + shutdown(fd, SHUT_RDWR); + close(fd); + fd = -1; + } + } + } + + return connected; +} + +void DownstreamState::stop() +{ + d_stopped = true; + + { + std::lock_guard tl(connectLock); + auto slock = mplexer.lock(); + + for (auto& fd : sockets) { + if (fd != -1) { + /* shutdown() is needed to wake up recv() in the responderThread */ + shutdown(fd, SHUT_RDWR); + } + } + } +} + +void DownstreamState::hash() +{ + vinfolog("Computing hashes for id=%s and weight=%d", id, weight); + auto w = weight; + auto lockedHashes = hashes.write_lock(); + lockedHashes->clear(); + lockedHashes->reserve(w); + while (w > 0) { + std::string uuid = boost::str(boost::format("%s-%d") % id % w); + unsigned int wshash = burtleCI(reinterpret_cast(uuid.c_str()), uuid.size(), g_hashperturb); + lockedHashes->push_back(wshash); + --w; + } + std::sort(lockedHashes->begin(), lockedHashes->end()); + hashesComputed = true; +} + +void DownstreamState::setId(const boost::uuids::uuid& newId) +{ + id = newId; + // compute hashes only if already done + if (hashesComputed) { + hash(); + } +} + +void DownstreamState::setWeight(int newWeight) +{ + if (newWeight < 1) { + errlog("Error setting server's weight: downstream weight value must be greater than 0."); + return ; + } + weight = newWeight; + if (hashesComputed) { + hash(); + } +} + +DownstreamState::DownstreamState(const ComboAddress& remote_, const ComboAddress& sourceAddr_, unsigned int sourceItf_, const std::string& sourceItfName_): remote(remote_), sourceAddr(sourceAddr_), sourceItfName(sourceItfName_), name(remote_.toStringWithPort()), nameWithAddr(remote_.toStringWithPort()), sourceItf(sourceItf_) +{ + id = getUniqueID(); + threadStarted.clear(); + + sw.start(); +} + +void DownstreamState::connectUDPSockets(size_t numberOfSockets) +{ + idStates.resize(g_maxOutstanding); + sockets.resize(numberOfSockets); + + if (sockets.size() > 1) { + *(mplexer.lock()) = std::unique_ptr(FDMultiplexer::getMultiplexerSilent()); + } + + for (auto& fd : sockets) { + fd = -1; + } + + reconnect(); +} + +DownstreamState::~DownstreamState() +{ + for (auto& fd : sockets) { + if (fd >= 0) { + close(fd); + fd = -1; + } + } + + // we need to either detach or join the thread before it + // is destroyed + if (threadStarted.test_and_set()) { + tid.detach(); + } +} + +void DownstreamState::incCurrentConnectionsCount() +{ + auto currentConnectionsCount = ++tcpCurrentConnections; + if (currentConnectionsCount > tcpMaxConcurrentConnections) { + tcpMaxConcurrentConnections.store(currentConnectionsCount); + } +} + +size_t ServerPool::countServers(bool upOnly) +{ + size_t count = 0; + auto servers = d_servers.read_lock(); + for (const auto& server : **servers) { + if (!upOnly || std::get<1>(server)->isUp() ) { + count++; + } + } + return count; +} + +size_t ServerPool::poolLoad() +{ + size_t load = 0; + auto servers = d_servers.read_lock(); + for (const auto& server : **servers) { + size_t serverOutstanding = std::get<1>(server)->outstanding.load(); + load += serverOutstanding; + } + return load; +} + +const std::shared_ptr ServerPool::getServers() +{ + std::shared_ptr result; + { + result = *(d_servers.read_lock()); + } + return result; +} + +void ServerPool::addServer(shared_ptr& server) +{ + auto servers = d_servers.write_lock(); + /* we can't update the content of the shared pointer directly even when holding the lock, + as other threads might hold a copy. We can however update the pointer as long as we hold the lock. */ + unsigned int count = static_cast((*servers)->size()); + auto newServers = std::make_shared(*(*servers)); + newServers->emplace_back(++count, server); + /* we need to reorder based on the server 'order' */ + std::stable_sort(newServers->begin(), newServers->end(), [](const std::pair >& a, const std::pair >& b) { + return a.second->order < b.second->order; + }); + /* and now we need to renumber for Lua (custom policies) */ + size_t idx = 1; + for (auto& serv : *newServers) { + serv.first = idx++; + } + *servers = std::move(newServers); +} + +void ServerPool::removeServer(shared_ptr& server) +{ + auto servers = d_servers.write_lock(); + /* we can't update the content of the shared pointer directly even when holding the lock, + as other threads might hold a copy. We can however update the pointer as long as we hold the lock. */ + auto newServers = std::make_shared(*(*servers)); + size_t idx = 1; + bool found = false; + for (auto it = newServers->begin(); it != newServers->end();) { + if (found) { + /* we need to renumber the servers placed + after the removed one, for Lua (custom policies) */ + it->first = idx++; + it++; + } + else if (it->second == server) { + it = newServers->erase(it); + found = true; + } else { + idx++; + it++; + } + } + *servers = std::move(newServers); +} diff --git a/dnsdist-cache.cc b/dnsdist-cache.cc new file mode 100644 index 0000000..3ccb3e1 --- /dev/null +++ b/dnsdist-cache.cc @@ -0,0 +1,490 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include + +#include "dnsdist.hh" +#include "dolog.hh" +#include "dnsparser.hh" +#include "dnsdist-cache.hh" +#include "dnsdist-ecs.hh" +#include "ednssubnet.hh" +#include "packetcache.hh" + +DNSDistPacketCache::DNSDistPacketCache(size_t maxEntries, uint32_t maxTTL, uint32_t minTTL, uint32_t tempFailureTTL, uint32_t maxNegativeTTL, uint32_t staleTTL, bool dontAge, uint32_t shards, bool deferrableInsertLock, bool parseECS): d_maxEntries(maxEntries), d_shardCount(shards), d_maxTTL(maxTTL), d_tempFailureTTL(tempFailureTTL), d_maxNegativeTTL(maxNegativeTTL), d_minTTL(minTTL), d_staleTTL(staleTTL), d_dontAge(dontAge), d_deferrableInsertLock(deferrableInsertLock), d_parseECS(parseECS) +{ + if (d_maxEntries == 0) { + throw std::runtime_error("Trying to create a 0-sized packet-cache"); + } + + d_shards.resize(d_shardCount); + + /* we reserve maxEntries + 1 to avoid rehashing from occurring + when we get to maxEntries, as it means a load factor of 1 */ + for (auto& shard : d_shards) { + shard.setSize((maxEntries / d_shardCount) + 1); + } +} + +bool DNSDistPacketCache::getClientSubnet(const PacketBuffer& packet, size_t qnameWireLength, boost::optional& subnet) +{ + uint16_t optRDPosition; + size_t remaining = 0; + + int res = getEDNSOptionsStart(packet, qnameWireLength, &optRDPosition, &remaining); + + if (res == 0) { + size_t ecsOptionStartPosition = 0; + size_t ecsOptionSize = 0; + + res = getEDNSOption(reinterpret_cast(&packet.at(optRDPosition)), remaining, EDNSOptionCode::ECS, &ecsOptionStartPosition, &ecsOptionSize); + + if (res == 0 && ecsOptionSize > (EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE)) { + + EDNSSubnetOpts eso; + if (getEDNSSubnetOptsFromString(reinterpret_cast(&packet.at(optRDPosition + ecsOptionStartPosition + (EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE))), ecsOptionSize - (EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE), &eso) == true) { + subnet = eso.source; + return true; + } + } + } + + return false; +} + +bool DNSDistPacketCache::cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool receivedOverUDP, bool dnssecOK, const boost::optional& subnet) const +{ + if (cachedValue.queryFlags != queryFlags || cachedValue.dnssecOK != dnssecOK || cachedValue.receivedOverUDP != receivedOverUDP || cachedValue.qtype != qtype || cachedValue.qclass != qclass || cachedValue.qname != qname) { + return false; + } + + if (d_parseECS && cachedValue.subnet != subnet) { + return false; + } + + return true; +} + +void DNSDistPacketCache::insertLocked(CacheShard& shard, std::unordered_map& map, uint32_t key, CacheValue& newValue) +{ + /* check again now that we hold the lock to prevent a race */ + if (map.size() >= (d_maxEntries / d_shardCount)) { + return; + } + + std::unordered_map::iterator it; + bool result; + tie(it, result) = map.insert({key, newValue}); + + if (result) { + ++shard.d_entriesCount; + return; + } + + /* in case of collision, don't override the existing entry + except if it has expired */ + CacheValue& value = it->second; + bool wasExpired = value.validity <= newValue.added; + + if (!wasExpired && !cachedValueMatches(value, newValue.queryFlags, newValue.qname, newValue.qtype, newValue.qclass, newValue.receivedOverUDP, newValue.dnssecOK, newValue.subnet)) { + d_insertCollisions++; + return; + } + + /* if the existing entry had a longer TTD, keep it */ + if (newValue.validity <= value.validity) { + return; + } + + value = newValue; +} + +void DNSDistPacketCache::insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool receivedOverUDP, uint8_t rcode, boost::optional tempFailureTTL) +{ + if (response.size() < sizeof(dnsheader)) { + return; + } + + uint32_t minTTL; + + if (rcode == RCode::ServFail || rcode == RCode::Refused) { + minTTL = tempFailureTTL == boost::none ? d_tempFailureTTL : *tempFailureTTL; + if (minTTL == 0) { + return; + } + } + else { + bool seenAuthSOA = false; + minTTL = getMinTTL(reinterpret_cast(response.data()), response.size(), &seenAuthSOA); + + /* no TTL found, we don't want to cache this */ + if (minTTL == std::numeric_limits::max()) { + return; + } + + if (rcode == RCode::NXDomain || (rcode == RCode::NoError && seenAuthSOA)) { + minTTL = std::min(minTTL, d_maxNegativeTTL); + } + else if (minTTL > d_maxTTL) { + minTTL = d_maxTTL; + } + + if (minTTL < d_minTTL) { + d_ttlTooShorts++; + return; + } + } + + uint32_t shardIndex = getShardIndex(key); + + if (d_shards.at(shardIndex).d_entriesCount >= (d_maxEntries / d_shardCount)) { + return; + } + + const time_t now = time(nullptr); + time_t newValidity = now + minTTL; + CacheValue newValue; + newValue.qname = qname; + newValue.qtype = qtype; + newValue.qclass = qclass; + newValue.queryFlags = queryFlags; + newValue.len = response.size(); + newValue.validity = newValidity; + newValue.added = now; + newValue.receivedOverUDP = receivedOverUDP; + newValue.dnssecOK = dnssecOK; + newValue.value = std::string(response.begin(), response.end()); + newValue.subnet = subnet; + + auto& shard = d_shards.at(shardIndex); + + if (d_deferrableInsertLock) { + auto w = shard.d_map.try_write_lock(); + + if (!w.owns_lock()) { + d_deferredInserts++; + return; + } + insertLocked(shard, *w, key, newValue); + } + else { + auto w = shard.d_map.write_lock(); + + insertLocked(shard, *w, key, newValue); + } +} + +bool DNSDistPacketCache::get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, bool receivedOverUDP, uint32_t allowExpired, bool skipAging) +{ + const auto& dnsQName = dq.qname->getStorage(); + uint32_t key = getKey(dnsQName, dq.qname->wirelength(), dq.getData(), receivedOverUDP); + + if (keyOut) { + *keyOut = key; + } + + if (d_parseECS) { + getClientSubnet(dq.getData(), dq.qname->wirelength(), subnet); + } + + uint32_t shardIndex = getShardIndex(key); + time_t now = time(nullptr); + time_t age; + bool stale = false; + auto& response = dq.getMutableData(); + auto& shard = d_shards.at(shardIndex); + { + auto map = shard.d_map.try_read_lock(); + if (!map.owns_lock()) { + d_deferredLookups++; + return false; + } + + std::unordered_map::const_iterator it = map->find(key); + if (it == map->end()) { + d_misses++; + return false; + } + + const CacheValue& value = it->second; + if (value.validity <= now) { + if ((now - value.validity) >= static_cast(allowExpired)) { + d_misses++; + return false; + } + else { + stale = true; + } + } + + if (value.len < sizeof(dnsheader)) { + return false; + } + + /* check for collision */ + if (!cachedValueMatches(value, *(getFlagsFromDNSHeader(dq.getHeader())), *dq.qname, dq.qtype, dq.qclass, receivedOverUDP, dnssecOK, subnet)) { + d_lookupCollisions++; + return false; + } + + response.resize(value.len); + memcpy(&response.at(0), &queryId, sizeof(queryId)); + memcpy(&response.at(sizeof(queryId)), &value.value.at(sizeof(queryId)), sizeof(dnsheader) - sizeof(queryId)); + + if (value.len == sizeof(dnsheader)) { + /* DNS header only, our work here is done */ + d_hits++; + return true; + } + + const size_t dnsQNameLen = dnsQName.length(); + if (value.len < (sizeof(dnsheader) + dnsQNameLen)) { + return false; + } + + memcpy(&response.at(sizeof(dnsheader)), dnsQName.c_str(), dnsQNameLen); + if (value.len > (sizeof(dnsheader) + dnsQNameLen)) { + memcpy(&response.at(sizeof(dnsheader) + dnsQNameLen), &value.value.at(sizeof(dnsheader) + dnsQNameLen), value.len - (sizeof(dnsheader) + dnsQNameLen)); + } + + if (!stale) { + age = now - value.added; + } + else { + age = (value.validity - value.added) - d_staleTTL; + } + } + + if (!d_dontAge && !skipAging) { + if (!stale) { + ageDNSPacket(reinterpret_cast(&response[0]), response.size(), age); + } + else { + editDNSPacketTTL(reinterpret_cast(&response[0]), response.size(), + [staleTTL = d_staleTTL](uint8_t section, uint16_t class_, uint16_t type, uint32_t ttl) { return staleTTL; }); + } + } + + d_hits++; + return true; +} + +/* Remove expired entries, until the cache has at most + upTo entries in it. + If the cache has more than one shard, we will try hard + to make sure that every shard has free space remaining. +*/ +size_t DNSDistPacketCache::purgeExpired(size_t upTo, const time_t now) +{ + const size_t maxPerShard = upTo / d_shardCount; + + size_t removed = 0; + + for (auto& shard : d_shards) { + auto map = shard.d_map.write_lock(); + if (map->size() <= maxPerShard) { + continue; + } + + size_t toRemove = map->size() - maxPerShard; + + for (auto it = map->begin(); toRemove > 0 && it != map->end(); ) { + const CacheValue& value = it->second; + + if (value.validity <= now) { + it = map->erase(it); + --toRemove; + --shard.d_entriesCount; + ++removed; + } else { + ++it; + } + } + } + + return removed; +} + +/* Remove all entries, keeping only upTo + entries in the cache. + If the cache has more than one shard, we will try hard + to make sure that every shard has free space remaining. +*/ +size_t DNSDistPacketCache::expunge(size_t upTo) +{ + const size_t maxPerShard = upTo / d_shardCount; + + size_t removed = 0; + + for (auto& shard : d_shards) { + auto map = shard.d_map.write_lock(); + + if (map->size() <= maxPerShard) { + continue; + } + + size_t toRemove = map->size() - maxPerShard; + + auto beginIt = map->begin(); + auto endIt = beginIt; + + if (map->size() >= toRemove) { + std::advance(endIt, toRemove); + map->erase(beginIt, endIt); + shard.d_entriesCount -= toRemove; + removed += toRemove; + } + else { + removed += map->size(); + map->clear(); + shard.d_entriesCount = 0; + } + } + + return removed; +} + +size_t DNSDistPacketCache::expungeByName(const DNSName& name, uint16_t qtype, bool suffixMatch) +{ + size_t removed = 0; + + for (auto& shard : d_shards) { + auto map = shard.d_map.write_lock(); + + for(auto it = map->begin(); it != map->end(); ) { + const CacheValue& value = it->second; + + if ((value.qname == name || (suffixMatch && value.qname.isPartOf(name))) && (qtype == QType::ANY || qtype == value.qtype)) { + it = map->erase(it); + --shard.d_entriesCount; + ++removed; + } else { + ++it; + } + } + } + + return removed; +} + +bool DNSDistPacketCache::isFull() +{ + return (getSize() >= d_maxEntries); +} + +uint64_t DNSDistPacketCache::getSize() +{ + uint64_t count = 0; + + for (auto& shard : d_shards) { + count += shard.d_entriesCount; + } + + return count; +} + +uint32_t DNSDistPacketCache::getMinTTL(const char* packet, uint16_t length, bool* seenNoDataSOA) +{ + return getDNSPacketMinTTL(packet, length, seenNoDataSOA); +} + +uint32_t DNSDistPacketCache::getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool receivedOverUDP) +{ + uint32_t result = 0; + /* skip the query ID */ + if (packet.size() < sizeof(dnsheader)) { + throw std::range_error("Computing packet cache key for an invalid packet size (" + std::to_string(packet.size()) +")"); + } + + result = burtle(&packet.at(2), sizeof(dnsheader) - 2, result); + result = burtleCI((const unsigned char*) qname.c_str(), qname.length(), result); + if (packet.size() < sizeof(dnsheader) + qnameWireLength) { + throw std::range_error("Computing packet cache key for an invalid packet (" + std::to_string(packet.size()) + " < " + std::to_string(sizeof(dnsheader) + qnameWireLength) + ")"); + } + if (packet.size() > ((sizeof(dnsheader) + qnameWireLength))) { + if (!d_optionsToSkip.empty()) { + /* skip EDNS options if any */ + result = PacketCache::hashAfterQname(pdns_string_view(reinterpret_cast(packet.data()), packet.size()), result, sizeof(dnsheader) + qnameWireLength, d_optionsToSkip); + } + else { + result = burtle(&packet.at(sizeof(dnsheader) + qnameWireLength), packet.size() - (sizeof(dnsheader) + qnameWireLength), result); + } + } + result = burtle((const unsigned char*) &receivedOverUDP, sizeof(receivedOverUDP), result); + return result; +} + +uint32_t DNSDistPacketCache::getShardIndex(uint32_t key) const +{ + return key % d_shardCount; +} + +string DNSDistPacketCache::toString() +{ + return std::to_string(getSize()) + "/" + std::to_string(d_maxEntries); +} + +uint64_t DNSDistPacketCache::getEntriesCount() +{ + return getSize(); +} + +uint64_t DNSDistPacketCache::dump(int fd) +{ + auto fp = std::unique_ptr(fdopen(dup(fd), "w"), fclose); + if (fp == nullptr) { + return 0; + } + + fprintf(fp.get(), "; dnsdist's packet cache dump follows\n;\n"); + + uint64_t count = 0; + time_t now = time(nullptr); + for (auto& shard : d_shards) { + auto map = shard.d_map.read_lock(); + + for (const auto& entry : *map) { + const CacheValue& value = entry.second; + count++; + + try { + uint8_t rcode = 0; + if (value.len >= sizeof(dnsheader)) { + dnsheader dh; + memcpy(&dh, value.value.data(), sizeof(dnsheader)); + rcode = dh.rcode; + } + + fprintf(fp.get(), "%s %" PRId64 " %s ; rcode %" PRIu8 ", key %" PRIu32 ", length %" PRIu16 ", received over UDP %d, added %" PRId64 "\n", value.qname.toString().c_str(), static_cast(value.validity - now), QType(value.qtype).toString().c_str(), rcode, entry.first, value.len, value.receivedOverUDP, static_cast(value.added)); + } + catch(...) { + fprintf(fp.get(), "; error printing '%s'\n", value.qname.empty() ? "EMPTY" : value.qname.toString().c_str()); + } + } + } + + return count; +} + +void DNSDistPacketCache::setSkippedOptions(const std::unordered_set& optionsToSkip) +{ + d_optionsToSkip = optionsToSkip; +} diff --git a/dnsdist-cache.hh b/dnsdist-cache.hh new file mode 100644 index 0000000..3309459 --- /dev/null +++ b/dnsdist-cache.hh @@ -0,0 +1,145 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include + +#include "iputils.hh" +#include "lock.hh" +#include "noinitvector.hh" +#include "stat_t.hh" +#include "ednsoptions.hh" + +struct DNSQuestion; + +class DNSDistPacketCache : boost::noncopyable +{ +public: + DNSDistPacketCache(size_t maxEntries, uint32_t maxTTL=86400, uint32_t minTTL=0, uint32_t tempFailureTTL=60, uint32_t maxNegativeTTL=3600, uint32_t staleTTL=60, bool dontAge=false, uint32_t shards=1, bool deferrableInsertLock=true, bool parseECS=false); + + void insert(uint32_t key, const boost::optional& subnet, uint16_t queryFlags, bool dnssecOK, const DNSName& qname, uint16_t qtype, uint16_t qclass, const PacketBuffer& response, bool receivedOverUDP, uint8_t rcode, boost::optional tempFailureTTL); + bool get(DNSQuestion& dq, uint16_t queryId, uint32_t* keyOut, boost::optional& subnet, bool dnssecOK, bool receivedOverUDP, uint32_t allowExpired = 0, bool skipAging = false); + size_t purgeExpired(size_t upTo, const time_t now); + size_t expunge(size_t upTo=0); + size_t expungeByName(const DNSName& name, uint16_t qtype=QType::ANY, bool suffixMatch=false); + bool isFull(); + string toString(); + uint64_t getSize(); + uint64_t getHits() const { return d_hits; } + uint64_t getMisses() const { return d_misses; } + uint64_t getDeferredLookups() const { return d_deferredLookups; } + uint64_t getDeferredInserts() const { return d_deferredInserts; } + uint64_t getLookupCollisions() const { return d_lookupCollisions; } + uint64_t getInsertCollisions() const { return d_insertCollisions; } + uint64_t getMaxEntries() const { return d_maxEntries; } + uint64_t getTTLTooShorts() const { return d_ttlTooShorts; } + uint64_t getEntriesCount(); + uint64_t dump(int fd); + void setSkippedOptions(const std::unordered_set& optionsToSkip); + + bool isECSParsingEnabled() const { return d_parseECS; } + + bool keepStaleData() const + { + return d_keepStaleData; + } + void setKeepStaleData(bool keep) + { + d_keepStaleData = keep; + } + + + void setECSParsingEnabled(bool enabled) + { + d_parseECS = enabled; + } + + uint32_t getKey(const DNSName::string_t& qname, size_t qnameWireLength, const PacketBuffer& packet, bool receivedOverUDP); + + static uint32_t getMinTTL(const char* packet, uint16_t length, bool* seenNoDataSOA); + static bool getClientSubnet(const PacketBuffer& packet, size_t qnameWireLength, boost::optional& subnet); + +private: + + struct CacheValue + { + time_t getTTD() const { return validity; } + std::string value; + DNSName qname; + boost::optional subnet; + uint16_t qtype{0}; + uint16_t qclass{0}; + uint16_t queryFlags{0}; + time_t added{0}; + time_t validity{0}; + uint16_t len{0}; + bool receivedOverUDP{false}; + bool dnssecOK{false}; + }; + + class CacheShard + { + public: + CacheShard() + { + } + CacheShard(const CacheShard& old) + { + } + + void setSize(size_t maxSize) + { + d_map.write_lock()->reserve(maxSize); + } + + SharedLockGuarded> d_map; + std::atomic d_entriesCount{0}; + }; + + bool cachedValueMatches(const CacheValue& cachedValue, uint16_t queryFlags, const DNSName& qname, uint16_t qtype, uint16_t qclass, bool receivedOverUDP, bool dnssecOK, const boost::optional& subnet) const; + uint32_t getShardIndex(uint32_t key) const; + void insertLocked(CacheShard& shard, std::unordered_map& map, uint32_t key, CacheValue& newValue); + + std::vector d_shards; + std::unordered_set d_optionsToSkip{EDNSOptionCode::COOKIE}; + + pdns::stat_t d_deferredLookups{0}; + pdns::stat_t d_deferredInserts{0}; + pdns::stat_t d_hits{0}; + pdns::stat_t d_misses{0}; + pdns::stat_t d_insertCollisions{0}; + pdns::stat_t d_lookupCollisions{0}; + pdns::stat_t d_ttlTooShorts{0}; + + size_t d_maxEntries; + uint32_t d_shardCount; + uint32_t d_maxTTL; + uint32_t d_tempFailureTTL; + uint32_t d_maxNegativeTTL; + uint32_t d_minTTL; + uint32_t d_staleTTL; + bool d_dontAge; + bool d_deferrableInsertLock; + bool d_parseECS; + bool d_keepStaleData{false}; +}; diff --git a/dnsdist-carbon.cc b/dnsdist-carbon.cc new file mode 100644 index 0000000..4f3859a --- /dev/null +++ b/dnsdist-carbon.cc @@ -0,0 +1,280 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif +#include "iputils.hh" +#include "dolog.hh" +#include "sstuff.hh" + +#include "namespaces.hh" +#include "dnsdist.hh" +#include "threadname.hh" + +GlobalStateHolder > g_carbon; +static time_t s_start = time(nullptr); + +uint64_t uptimeOfProcess(const std::string& str) +{ + return time(nullptr) - s_start; +} + +void carbonDumpThread() +{ + try + { + setThreadName("dnsdist/carbon"); + auto localCarbon = g_carbon.getLocal(); + for(int numloops=0;;++numloops) { + if(localCarbon->empty()) { + sleep(1); + continue; + } + /* this is wrong, we use the interval of the first server + for every single one of them */ + if(numloops) { + const unsigned int interval = localCarbon->at(0).interval; + sleep(interval); + } + + for (const auto& conf : *localCarbon) { + const auto& server = conf.server; + const std::string& namespace_name = conf.namespace_name; + std::string hostname = conf.ourname; + if (hostname.empty()) { + try { + hostname = getCarbonHostName(); + } + catch(const std::exception& e) { + throw std::runtime_error(std::string("The 'ourname' setting in 'carbonServer()' has not been set and we are unable to determine the system's hostname: ") + e.what()); + } + } + const std::string& instance_name = conf.instance_name; + + try { + Socket s(server.sin4.sin_family, SOCK_STREAM); + s.setNonBlocking(); + s.connect(server); // we do the connect so the attempt happens while we gather stats + ostringstream str; + time_t now=time(0); + for(const auto& e : g_stats.entries) { + str<(&e.second)) + str<<(*val)->load(); + else if (const auto& dval = boost::get(&e.second)) + str<<**dval; + else + str<<(*boost::get(&e.second))(e.first); + str<<' '<getName().empty() ? state->remote.toStringWithPort() : state->getName(); + boost::replace_all(serverName, ".", "_"); + const string base = namespace_name + "." + hostname + "." + instance_name + ".servers." + serverName + "."; + str<queries.load() << " " << now << "\r\n"; + str<responses.load() << " " << now << "\r\n"; + str<reuseds.load() << " " << now << "\r\n"; + str<availability != DownstreamState::Availability::Down ? state->latencyUsec/1000.0 : 0) << " " << now << "\r\n"; + str<sendErrors.load() << " " << now << "\r\n"; + str<outstanding.load() << " " << now << "\r\n"; + str<tcpDiedSendingQuery.load() << " " << now << "\r\n"; + str<tcpDiedReadingResponse.load() << " " << now << "\r\n"; + str<tcpGaveUp.load() << " " << now << "\r\n"; + str<tcpReadTimeouts.load() << " " << now << "\r\n"; + str<tcpWriteTimeouts.load() << " " << now << "\r\n"; + str<tcpConnectTimeouts.load() << " " << now << "\r\n"; + str<tcpCurrentConnections.load() << " " << now << "\r\n"; + str<tcpMaxConcurrentConnections.load() << " " << now << "\r\n"; + str<tcpNewConnections.load() << " " << now << "\r\n"; + str<tcpReusedConnections.load() << " " << now << "\r\n"; + str<tlsResumptions.load() << " " << now << "\r\n"; + str<tcpAvgQueriesPerConnection.load() << " " << now << "\r\n"; + str<tcpAvgConnectionDuration.load() << " " << now << "\r\n"; + } + + std::map frontendDuplicates; + for(const auto& front : g_frontends) { + if (front->udpFD == -1 && front->tcpFD == -1) + continue; + + string frontName = front->local.toStringWithPort() + (front->udpFD >= 0 ? "_udp" : "_tcp"); + boost::replace_all(frontName, ".", "_"); + auto dupPair = frontendDuplicates.insert({frontName, 1}); + if (!dupPair.second) { + frontName = frontName + "_" + std::to_string(dupPair.first->second); + ++(dupPair.first->second); + } + + const string base = namespace_name + "." + hostname + "." + instance_name + ".frontends." + frontName + "."; + str<queries.load() << " " << now << "\r\n"; + str<responses.load() << " " << now << "\r\n"; + str<tcpDiedReadingQuery.load() << " " << now << "\r\n"; + str<tcpDiedSendingResponse.load() << " " << now << "\r\n"; + str<tcpGaveUp.load() << " " << now << "\r\n"; + str<tcpClientTimeouts.load() << " " << now << "\r\n"; + str<tcpDownstreamTimeouts.load() << " " << now << "\r\n"; + str<tcpCurrentConnections.load() << " " << now << "\r\n"; + str<tcpMaxConcurrentConnections.load() << " " << now << "\r\n"; + str<tcpAvgQueriesPerConnection.load() << " " << now << "\r\n"; + str<tcpAvgConnectionDuration.load() << " " << now << "\r\n"; + str<tls10queries.load() << " " << now << "\r\n"; + str<tls11queries.load() << " " << now << "\r\n"; + str<tls12queries.load() << " " << now << "\r\n"; + str<tls13queries.load() << " " << now << "\r\n"; + str<tlsUnknownqueries.load() << " " << now << "\r\n"; + str<tlsNewSessions.load() << " " << now << "\r\n"; + str<tlsResumptions.load() << " " << now << "\r\n"; + str<tlsUnknownTicketKey.load() << " " << now << "\r\n"; + str<tlsInactiveTicketKey.load() << " " << now << "\r\n"; + const TLSErrorCounters* errorCounters = nullptr; + if (front->tlsFrontend != nullptr) { + errorCounters = &front->tlsFrontend->d_tlsCounters; + } + else if (front->dohFrontend != nullptr) { + errorCounters = &front->dohFrontend->d_tlsCounters; + } + if (errorCounters != nullptr) { + str<d_dhKeyTooSmall << " " << now << "\r\n"; + str<d_inappropriateFallBack << " " << now << "\r\n"; + str<d_noSharedCipher << " " << now << "\r\n"; + str<d_unknownCipherType << " " << now << "\r\n"; + str<d_unknownKeyExchangeType << " " << now << "\r\n"; + str<d_unknownProtocol << " " << now << "\r\n"; + str<d_unsupportedEC << " " << now << "\r\n"; + str<d_unsupportedProtocol << " " << now << "\r\n"; + } + } + + auto localPools = g_pools.getLocal(); + for (const auto& entry : *localPools) { + string poolName = entry.first; + boost::replace_all(poolName, ".", "_"); + if (poolName.empty()) { + poolName = "_default_"; + } + const string base = namespace_name + "." + hostname + "." + instance_name + ".pools." + poolName + "."; + const std::shared_ptr pool = entry.second; + str<countServers(false) << " " << now << "\r\n"; + str<countServers(true) << " " << now << "\r\n"; + if (pool->packetCache != nullptr) { + const auto& cache = pool->packetCache; + str<getMaxEntries() << " " << now << "\r\n"; + str<getEntriesCount() << " " << now << "\r\n"; + str<getHits() << " " << now << "\r\n"; + str<getMisses() << " " << now << "\r\n"; + str<getDeferredInserts() << " " << now << "\r\n"; + str<getDeferredLookups() << " " << now << "\r\n"; + str<getLookupCollisions() << " " << now << "\r\n"; + str<getInsertCollisions() << " " << now << "\r\n"; + str<getTTLTooShorts() << " " << now << "\r\n"; + } + } + +#ifdef HAVE_DNS_OVER_HTTPS + { + std::map dohFrontendDuplicates; + const string base = "dnsdist." + hostname + ".main.doh."; + for(const auto& doh : g_dohlocals) { + string name = doh->d_local.toStringWithPort(); + boost::replace_all(name, ".", "_"); + boost::replace_all(name, ":", "_"); + boost::replace_all(name, "[", "_"); + boost::replace_all(name, "]", "_"); + + auto dupPair = dohFrontendDuplicates.insert({name, 1}); + if (!dupPair.second) { + name = name + "_" + std::to_string(dupPair.first->second); + ++(dupPair.first->second); + } + + vector> v{ + {"http-connects", doh->d_httpconnects}, + {"http1-queries", doh->d_http1Stats.d_nbQueries}, + {"http2-queries", doh->d_http2Stats.d_nbQueries}, + {"http1-200-responses", doh->d_http1Stats.d_nb200Responses}, + {"http2-200-responses", doh->d_http2Stats.d_nb200Responses}, + {"http1-400-responses", doh->d_http1Stats.d_nb400Responses}, + {"http2-400-responses", doh->d_http2Stats.d_nb400Responses}, + {"http1-403-responses", doh->d_http1Stats.d_nb403Responses}, + {"http2-403-responses", doh->d_http2Stats.d_nb403Responses}, + {"http1-500-responses", doh->d_http1Stats.d_nb500Responses}, + {"http2-500-responses", doh->d_http2Stats.d_nb500Responses}, + {"http1-502-responses", doh->d_http1Stats.d_nb502Responses}, + {"http2-502-responses", doh->d_http2Stats.d_nb502Responses}, + {"http1-other-responses", doh->d_http1Stats.d_nbOtherResponses}, + {"http2-other-responses", doh->d_http2Stats.d_nbOtherResponses}, + {"get-queries", doh->d_getqueries}, + {"post-queries", doh->d_postqueries}, + {"bad-requests", doh->d_badrequests}, + {"error-responses", doh->d_errorresponses}, + {"redirect-responses", doh->d_redirectresponses}, + {"valid-responses", doh->d_validresponses} + }; + + for(const auto& item : v) { + str<clear(); + } + + const string msg = str.str(); + + int ret = waitForRWData(s.getHandle(), false, 1 , 0); + if(ret <= 0 ) { + vinfolog("Unable to write data to carbon server on %s: %s", server.toStringWithPort(), (ret<0 ? stringerror() : "Timeout")); + continue; + } + s.setBlocking(); + writen2(s.getHandle(), msg.c_str(), msg.size()); + } + catch(const std::exception& e) { + warnlog("Problem sending carbon data: %s", e.what()); + } + } + } + } + catch(const std::exception& e) + { + errlog("Carbon thread died: %s", e.what()); + } + catch(const PDNSException& e) + { + errlog("Carbon thread died, PDNSException: %s", e.reason); + } + catch(...) + { + errlog("Carbon thread died"); + } +} diff --git a/dnsdist-console.cc b/dnsdist-console.cc new file mode 100644 index 0000000..a052779 --- /dev/null +++ b/dnsdist-console.cc @@ -0,0 +1,936 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +// we need this to get the home directory of the current user +#include +#include + +#if defined (__OpenBSD__) || defined(__NetBSD__) +// If this is not undeffed, __attribute__ wil be redefined by /usr/include/readline/rlstdc.h +#undef __STRICT_ANSI__ +#include +#include +#else +#include +#endif + +#include "ext/json11/json11.hpp" + +#include "connection-management.hh" +#include "dolog.hh" +#include "dnsdist.hh" +#include "dnsdist-console.hh" +#include "sodcrypto.hh" +#include "threadname.hh" + +GlobalStateHolder g_consoleACL; +vector > g_confDelta; +std::string g_consoleKey; +bool g_logConsoleConnections{true}; +bool g_consoleEnabled{false}; +uint32_t g_consoleOutputMsgMaxSize{10000000}; + +static ConcurrentConnectionManager s_connManager(100); + +class ConsoleConnection +{ +public: + ConsoleConnection(const ComboAddress& client, int fd): d_client(client), d_fd(fd) + { + if (!s_connManager.registerConnection()) { + close(fd); + throw std::runtime_error("Too many concurrent console connections"); + } + } + ConsoleConnection(ConsoleConnection&& rhs): d_client(rhs.d_client), d_fd(rhs.d_fd) + { + rhs.d_fd = -1; + } + + ConsoleConnection(const ConsoleConnection&) = delete; + ConsoleConnection& operator=(const ConsoleConnection&) = delete; + + ~ConsoleConnection() + { + if (d_fd != -1) { + close(d_fd); + s_connManager.releaseConnection(); + } + } + + int getFD() const + { + return d_fd; + } + + const ComboAddress& getClient() const + { + return d_client; + } + +private: + ComboAddress d_client; + int d_fd{-1}; +}; + +void setConsoleMaximumConcurrentConnections(size_t max) +{ + s_connManager.setMaxConcurrentConnections(max); +} + +// MUST BE CALLED UNDER A LOCK - right now the LuaLock +static void feedConfigDelta(const std::string& line) +{ + if(line.empty()) + return; + struct timeval now; + gettimeofday(&now, 0); + g_confDelta.emplace_back(now, line); +} + +static string historyFile(const bool &ignoreHOME = false) +{ + string ret; + + struct passwd pwd; + struct passwd *result; + char buf[16384]; + getpwuid_r(geteuid(), &pwd, buf, sizeof(buf), &result); + + const char *homedir = getenv("HOME"); + if (result) + ret = string(pwd.pw_dir); + if (homedir && !ignoreHOME) // $HOME overrides what the OS tells us + ret = string(homedir); + if (ret.empty()) + ret = "."; // CWD if nothing works.. + ret.append("/.dnsdist_history"); + return ret; +} + +static bool getMsgLen32(int fd, uint32_t* len) +{ + try + { + uint32_t raw; + size_t ret = readn2(fd, &raw, sizeof raw); + + if (ret != sizeof raw) { + return false; + } + + *len = ntohl(raw); + if (*len > g_consoleOutputMsgMaxSize) { + return false; + } + + return true; + } + catch(...) { + return false; + } +} + +static bool putMsgLen32(int fd, uint32_t len) +{ + try + { + uint32_t raw = htonl(len); + size_t ret = writen2(fd, &raw, sizeof raw); + return ret == sizeof raw; + } + catch(...) { + return false; + } +} + +static bool sendMessageToServer(int fd, const std::string& line, SodiumNonce& readingNonce, SodiumNonce& writingNonce, const bool outputEmptyLine) +{ + string msg = sodEncryptSym(line, g_consoleKey, writingNonce); + const auto msgLen = msg.length(); + if (msgLen > std::numeric_limits::max()) { + cout << "Encrypted message is too long to be sent to the server, "<< std::to_string(msgLen) << " > " << std::numeric_limits::max() << endl; + return true; + } + + putMsgLen32(fd, static_cast(msgLen)); + + if (!msg.empty()) { + writen2(fd, msg); + } + + uint32_t len; + if(!getMsgLen32(fd, &len)) { + cout << "Connection closed by the server." << endl; + return false; + } + + if (len == 0) { + if (outputEmptyLine) { + cout << endl; + } + + return true; + } + + msg.clear(); + msg.resize(len); + readn2(fd, msg.data(), len); + msg = sodDecryptSym(msg, g_consoleKey, readingNonce); + cout << msg; + cout.flush(); + + return true; +} + +void doClient(ComboAddress server, const std::string& command) +{ + if (!sodIsValidKey(g_consoleKey)) { + cerr << "The currently configured console key is not valid, please configure a valid key using the setKey() directive" << endl; + return; + } + + if (g_verbose) { + cout<<"Connecting to "< "); + rl_bind_key('\t',rl_complete); + if(!sline) + break; + + string line(sline); + if(!line.empty() && line != lastline) { + add_history(sline); + history << sline < "); + rl_bind_key('\t',rl_complete); + if(!sline) + break; + + string line(sline); + if(!line.empty() && line != lastline) { + add_history(sline); + history << sline <executeCode< + boost::optional< + boost::variant< + string, + shared_ptr, + ClientState*, + std::unordered_map + > + > + >(withReturn ? ("return "+line) : line); + if(ret) { + if (const auto dsValue = boost::get>(&*ret)) { + if (*dsValue) { + cout<<(*dsValue)->getName()<(&*ret)) { + if (*csValue) { + cout<<(*csValue)->local.toStringWithPort()<(&*ret)) { + cout<<*strValue< >(&*ret)) { + using namespace json11; + Json::object o; + for(const auto& v : *um) + o[v.first]=v.second; + Json out = o; + cout< g_consoleKeywords{ + /* keyword, function, parameters, description */ + { "addACL", true, "netmask", "add to the ACL set who can use this server" }, + { "addAction", true, "DNS rule, DNS action [, {uuid=\"UUID\", name=\"name\"}]", "add a rule" }, + { "addBPFFilterDynBlocks", true, "addresses, dynbpf[[, seconds=10], msg]", "This is the eBPF equivalent of addDynBlocks(), blocking a set of addresses for (optionally) a number of seconds, using an eBPF dynamic filter" }, + { "addCapabilitiesToRetain", true, "capability or list of capabilities", "Linux capabilities to retain after startup, like CAP_BPF" }, + { "addConsoleACL", true, "netmask", "add a netmask to the console ACL" }, + { "addDNSCryptBind", true, "\"127.0.0.1:8443\", \"provider name\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", {reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}", "listen to incoming DNSCrypt queries on 127.0.0.1 port 8443, with a provider name of `provider name`, using a resolver certificate and associated key stored respectively in the `resolver.cert` and `resolver.key` files. The fifth optional parameter is a table of parameters" }, + { "addDOHLocal", true, "addr, certFile, keyFile [, urls [, vars]]", "listen to incoming DNS over HTTPS queries on the specified address using the specified certificate and key. The last two parameters are tables" }, + { "addDynBlocks", true, "addresses, message[, seconds[, action]]", "block the set of addresses with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, + { "addDynBlockSMT", true, "names, message[, seconds [, action]]", "block the set of names with message `msg`, for `seconds` seconds (10 by default), applying `action` (default to the one set with `setDynBlocksAction()`)" }, + { "addLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "add `addr` to the list of addresses we listen on" }, + { "addCacheHitResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\", name=\"name\"}}]", "add a cache hit response rule" }, + { "addResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\", name=\"name\"}}]", "add a response rule" }, + { "addSelfAnsweredResponseAction", true, "DNS rule, DNS response action [, {uuid=\"UUID\", name=\"name\"}}]", "add a self-answered response rule" }, + { "addTLSLocal", true, "addr, certFile(s), keyFile(s) [,params]", "listen to incoming DNS over TLS queries on the specified address using the specified certificate (or list of) and key (or list of). The last parameter is a table" }, + { "AllowAction", true, "", "let these packets go through" }, + { "AllowResponseAction", true, "", "let these packets go through" }, + { "AllRule", true, "", "matches all traffic" }, + { "AndRule", true, "list of DNS rules", "matches if all sub-rules matches" }, + { "benchRule", true, "DNS Rule [, iterations [, suffix]]", "bench the specified DNS rule" }, + { "carbonServer", true, "serverIP, [ourname], [interval]", "report statistics to serverIP using our hostname, or 'ourname' if provided, every 'interval' seconds" }, + { "clearConsoleHistory", true, "", "clear the internal (in-memory) history of console commands" }, + { "clearDynBlocks", true, "", "clear all dynamic blocks" }, + { "clearQueryCounters", true, "", "clears the query counter buffer" }, + { "clearRules", true, "", "remove all current rules" }, + { "controlSocket", true, "addr", "open a control socket on this address / connect to this address in client mode" }, + { "ContinueAction", true, "action", "execute the specified action and continue the processing of the remaining rules, regardless of the return of the action" }, + { "DelayAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)" }, + { "DelayResponseAction", true, "milliseconds", "delay the response by the specified amount of milliseconds (UDP-only)" }, + { "delta", true, "", "shows all commands entered that changed the configuration" }, + { "DNSSECRule", true, "", "matches queries with the DO bit set" }, + { "DnstapLogAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this query to a FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSQuestion and a DnstapMessage, that can be used to modify the dnstap message" }, + { "DnstapLogResponseAction", true, "identity, FrameStreamLogger [, alterFunction]", "send the contents of this response to a remote or FrameStreamLogger or RemoteLogger as dnstap. `alterFunction` is a callback, receiving a DNSResponse and a DnstapMessage, that can be used to modify the dnstap message" }, + { "DropAction", true, "", "drop these packets" }, + { "DropResponseAction", true, "", "drop these packets" }, + { "DSTPortRule", true, "port", "matches questions received to the destination port specified" }, + { "dumpStats", true, "", "print all statistics we gather" }, + { "dynBlockRulesGroup", true, "", "return a new DynBlockRulesGroup object" }, + { "EDNSVersionRule", true, "version", "matches queries with the specified EDNS version" }, + { "EDNSOptionRule", true, "optcode", "matches queries with the specified EDNS0 option present" }, + { "ERCodeAction", true, "ercode", "Reply immediately by turning the query into a response with the specified EDNS extended rcode" }, + { "ERCodeRule", true, "rcode", "matches responses with the specified extended rcode (EDNS0)" }, + { "exceedNXDOMAINs", true, "rate, seconds", "get set of addresses that exceed `rate` NXDOMAIN/s over `seconds` seconds" }, + { "exceedQRate", true, "rate, seconds", "get set of address that exceed `rate` queries/s over `seconds` seconds" }, + { "exceedQTypeRate", true, "type, rate, seconds", "get set of address that exceed `rate` queries/s for queries of type `type` over `seconds` seconds" }, + { "exceedRespByterate", true, "rate, seconds", "get set of addresses that exceeded `rate` bytes/s answers over `seconds` seconds" }, + { "exceedServFails", true, "rate, seconds", "get set of addresses that exceed `rate` servfails/s over `seconds` seconds" }, + { "firstAvailable", false, "", "picks the server with the lowest `order` that has not exceeded its QPS limit" }, + { "fixupCase", true, "bool", "if set (default to no), rewrite the first qname of the question part of the answer to match the one from the query. It is only useful when you have a downstream server that messes up the case of the question qname in the answer" }, + { "generateDNSCryptCertificate", true, "\"/path/to/providerPrivate.key\", \"/path/to/resolver.cert\", \"/path/to/resolver.key\", serial, validFrom, validUntil", "generate a new resolver private key and related certificate, valid from the `validFrom` timestamp until the `validUntil` one, signed with the provider private key" }, + { "generateDNSCryptProviderKeys", true, "\"/path/to/providerPublic.key\", \"/path/to/providerPrivate.key\"", "generate a new provider keypair" }, + { "getAction", true, "n", "Returns the Action associated with rule n" }, + { "getBind", true, "n", "returns the listener at index n" }, + { "getBindCount", true, "", "returns the number of listeners all kinds" }, + { "getDNSCryptBind", true, "n", "return the `DNSCryptContext` object corresponding to the bind `n`" }, + { "getDNSCryptBindCount", true, "", "returns the number of DNSCrypt listeners" }, + { "getDOHFrontend", true, "n", "returns the DOH frontend with index n" }, + { "getDOHFrontendCount", true, "", "returns the number of DoH listeners" }, + { "getOutgoingTLSSessionCacheSize", true, "", "returns the number of TLS sessions (for outgoing connections) currently cached" }, + { "getPool", true, "name", "return the pool named `name`, or \"\" for the default pool" }, + { "getPoolServers", true, "pool", "return servers part of this pool" }, + { "getQueryCounters", true, "[max=10]", "show current buffer of query counters, limited by 'max' if provided" }, + { "getResponseRing", true, "", "return the current content of the response ring" }, + { "getRespRing", true, "", "return the qname/rcode content of the response ring" }, + { "getServer", true, "id", "returns server with index 'n' or whose uuid matches if 'id' is an UUID string" }, + { "getServers", true, "", "returns a table with all defined servers" }, + { "getStatisticsCounters", true, "", "returns a map of statistic counters" }, + { "getTopCacheHitResponseRules", true, "[top]", "return the `top` cache-hit response rules" }, + { "getTopResponseRules", true, "[top]", "return the `top` response rules" }, + { "getTopRules", true, "[top]", "return the `top` rules" }, + { "getTopSelfAnsweredResponseRules", true, "[top]", "return the `top` self-answered response rules" }, + { "getTLSContext", true, "n", "returns the TLS context with index n" }, + { "getTLSFrontend", true, "n", "returns the TLS frontend with index n" }, + { "getTLSFrontendCount", true, "", "returns the number of DoT listeners" }, + { "grepq", true, "Netmask|DNS Name|100ms|{\"::1\", \"powerdns.com\", \"100ms\"} [, n]", "shows the last n queries and responses matching the specified client address or range (Netmask), or the specified DNS Name, or slower than 100ms" }, + { "hashPassword", true, "password [, workFactor]", "Returns a hashed and salted version of the supplied password, usable with 'setWebserverConfig()'"}, + { "HTTPHeaderRule", true, "name, regex", "matches DoH queries with a HTTP header 'name' whose content matches the regular expression 'regex'"}, + { "HTTPPathRegexRule", true, "regex", "matches DoH queries whose HTTP path matches 'regex'"}, + { "HTTPPathRule", true, "path", "matches DoH queries whose HTTP path is an exact match to 'path'"}, + { "HTTPStatusAction", true, "status, reason, body", "return an HTTP response"}, + { "inClientStartup", true, "", "returns true during console client parsing of configuration" }, + { "includeDirectory", true, "path", "include configuration files from `path`" }, + { "KeyValueLookupKeyQName", true, "[wireFormat]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the qname of the query, either in wire format (default) or in plain text if 'wireFormat' is false" }, + { "KeyValueLookupKeySourceIP", true, "[v4Mask [, v6Mask [, includePort]]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the (possibly bitmasked) source IP of the client in network byte-order." }, + { "KeyValueLookupKeySuffix", true, "[minLabels [,wireFormat]]", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return a vector of keys based on the labels of the qname in DNS wire format or plain text" }, + { "KeyValueLookupKeyTag", true, "tag", "Return a new KeyValueLookupKey object that, when passed to KeyValueStoreLookupAction or KeyValueStoreLookupRule, will return the value of the corresponding tag for this query, if it exists" }, + { "KeyValueStoreLookupAction", true, "kvs, lookupKey, destinationTag", "does a lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'" }, + { "KeyValueStoreRangeLookupAction", true, "kvs, lookupKey, destinationTag", "does a range-based lookup into the key value store referenced by 'kvs' using the key returned by 'lookupKey', and storing the result if any into the tag named 'destinationTag'" }, + { "KeyValueStoreLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store" }, + { "KeyValueStoreRangeLookupRule", true, "kvs, lookupKey", "matches queries if the key is found in the specified Key Value store" }, + { "leastOutstanding", false, "", "Send traffic to downstream server with least outstanding queries, with the lowest 'order', and within that the lowest recent latency"}, + { "LogAction", true, "[filename], [binary], [append], [buffered]", "Log a line for each query, to the specified file if any, to the console (require verbose) otherwise. When logging to a file, the `binary` optional parameter specifies whether we log in binary form (default) or in textual form, the `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not." }, + { "LogResponseAction", true, "[filename], [append], [buffered]", "Log a line for each response, to the specified file if any, to the console (require verbose) otherwise. The `append` optional parameter specifies whether we open the file for appending or truncate each time (default), and the `buffered` optional parameter specifies whether writes to the file are buffered (default) or not." }, + { "LuaAction", true, "function", "Invoke a Lua function that accepts a DNSQuestion" }, + { "LuaFFIAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion" }, + { "LuaFFIPerThreadAction", true, "function", "Invoke a Lua FFI function that accepts a DNSQuestion, with a per-thread Lua context" }, + { "LuaFFIPerThreadResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse, with a per-thread Lua context" }, + { "LuaFFIResponseAction", true, "function", "Invoke a Lua FFI function that accepts a DNSResponse" }, + { "LuaFFIRule", true, "function", "Invoke a Lua FFI function that filters DNS questions" }, + { "LuaResponseAction", true, "function", "Invoke a Lua function that accepts a DNSResponse" }, + { "LuaRule", true, "function", "Invoke a Lua function that filters DNS questions" }, + { "makeIPCipherKey", true, "password", "generates a 16-byte key that can be used to pseudonymize IP addresses with IP cipher" }, + { "makeKey", true, "", "generate a new server access key, emit configuration line ready for pasting" }, + { "makeRule", true, "rule", "Make a NetmaskGroupRule() or a SuffixMatchNodeRule(), depending on how it is called" } , + { "MaxQPSIPRule", true, "qps, [v4Mask=32 [, v6Mask=64 [, burst=qps [, expiration=300 [, cleanupDelay=60]]]]]", "matches traffic exceeding the qps limit per subnet" }, + { "MaxQPSRule", true, "qps", "matches traffic **not** exceeding this qps limit" }, + { "mvCacheHitResponseRule", true, "from, to", "move cache hit response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, + { "mvCacheHitResponseRuleToTop", true, "", "move the last cache hit response rule to the first position" }, + { "mvResponseRule", true, "from, to", "move response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, + { "mvResponseRuleToTop", true, "", "move the last response rule to the first position" }, + { "mvRule", true, "from, to", "move rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule, in which case the rule will be moved to the last position" }, + { "mvRuleToTop", true, "", "move the last rule to the first position" }, + { "mvSelfAnsweredResponseRule", true, "from, to", "move self-answered response rule 'from' to a position where it is in front of 'to'. 'to' can be one larger than the largest rule" }, + { "mvSelfAnsweredResponseRuleToTop", true, "", "move the last self-answered response rule to the first position" }, + { "NetmaskGroupRule", true, "nmg[, src]", "Matches traffic from/to the network range specified in nmg. Set the src parameter to false to match nmg against destination address instead of source address. This can be used to differentiate between clients" }, + { "newBPFFilter", true, "maxV4, maxV6, maxQNames", "Return a new eBPF socket filter with a maximum of maxV4 IPv4, maxV6 IPv6 and maxQNames qname entries in the block table" }, + { "newCA", true, "address", "Returns a ComboAddress based on `address`" }, +#ifdef HAVE_CDB + { "newCDBKVStore", true, "fname, refreshDelay", "Return a new KeyValueStore object associated to the corresponding CDB database" }, +#endif + { "newDNSName", true, "name", "make a DNSName based on this .-terminated name" }, + { "newDNSNameSet", true, "", "returns a new DNSNameSet" }, + { "newDynBPFFilter", true, "bpf", "Return a new dynamic eBPF filter associated to a given BPF Filter" }, + { "newFrameStreamTcpLogger", true, "addr [, options]", "create a FrameStream logger object writing to a TCP address (addr should be ip:port), to use with `DnstapLogAction()` and `DnstapLogResponseAction()`" }, + { "newFrameStreamUnixLogger", true, "socket [, options]", "create a FrameStream logger object writing to a local unix socket, to use with `DnstapLogAction()` and `DnstapLogResponseAction()`" }, +#ifdef HAVE_LMDB + { "newLMDBKVStore", true, "fname, dbName [, noLock]", "Return a new KeyValueStore object associated to the corresponding LMDB database" }, +#endif + { "newNMG", true, "", "Returns a NetmaskGroup" }, + { "newPacketCache", true, "maxEntries[, maxTTL=86400, minTTL=0, temporaryFailureTTL=60, staleTTL=60, dontAge=false, numberOfShards=1, deferrableInsertLock=true, options={}]", "return a new Packet Cache" }, + { "newQPSLimiter", true, "rate, burst", "configure a QPS limiter with that rate and that burst capacity" }, + { "newRemoteLogger", true, "address:port [, timeout=2, maxQueuedEntries=100, reconnectWaitTime=1]", "create a Remote Logger object, to use with `RemoteLogAction()` and `RemoteLogResponseAction()`" }, + { "newRuleAction", true, "DNS rule, DNS action [, {uuid=\"UUID\", name=\"name\"}]", "return a pair of DNS Rule and DNS Action, to be used with `setRules()`" }, + { "newServer", true, "{address=\"ip:port\", qps=1000, order=1, weight=10, pool=\"abuse\", retries=5, tcpConnectTimeout=5, tcpSendTimeout=30, tcpRecvTimeout=30, checkName=\"a.root-servers.net.\", checkType=\"A\", maxCheckFailures=1, mustResolve=false, useClientSubnet=true, source=\"address|interface name|address@interface\", sockets=1, reconnectOnUp=false}", "instantiate a server" }, + { "newServerPolicy", true, "name, function", "create a policy object from a Lua function" }, + { "newSuffixMatchNode", true, "", "returns a new SuffixMatchNode" }, + { "newSVCRecordParameters", true, "priority, target, mandatoryParams, alpns, noDefaultAlpn [, port [, ech [, ipv4hints [, ipv6hints [, additionalParameters ]]]]]", "return a new SVCRecordParameters object, to use with SpoofSVCAction" }, + { "NegativeAndSOAAction", true, "nxd, zone, ttl, mname, rname, serial, refresh, retry, expire, minimum [, options]", "Turn a query into a NXDomain or NoData answer and sets a SOA record in the additional section" }, + { "NoneAction", true, "", "Does nothing. Subsequent rules are processed after this action" }, + { "NotRule", true, "selector", "Matches the traffic if the selector rule does not match" }, + { "OpcodeRule", true, "code", "Matches queries with opcode code. code can be directly specified as an integer, or one of the built-in DNSOpcodes" }, + { "OrRule", true, "selectors", "Matches the traffic if one or more of the the selectors rules does match" }, + { "PoolAction", true, "poolname", "set the packet into the specified pool" }, + { "PoolAvailableRule", true, "poolname", "Check whether a pool has any servers available to handle queries" }, + { "PoolOutstandingRule", true, "poolname, limit", "Check whether a pool has outstanding queries above limit" }, + { "printDNSCryptProviderFingerprint", true, "\"/path/to/providerPublic.key\"", "display the fingerprint of the provided resolver public key" }, + { "ProbaRule", true, "probability", "Matches queries with a given probability. 1.0 means always" }, + { "ProxyProtocolValueRule", true, "type [, value]", "matches queries with a specified Proxy Protocol TLV value of that type, optionally matching the content of the option as well" }, + { "QClassRule", true, "qclass", "Matches queries with the specified qclass. class can be specified as an integer or as one of the built-in DNSClass" }, + { "QNameLabelsCountRule", true, "min, max", "matches if the qname has less than `min` or more than `max` labels" }, + { "QNameRule", true, "qname", "matches queries with the specified qname" }, + { "QNameSetRule", true, "set", "Matches if the set contains exact qname" }, + { "QNameWireLengthRule", true, "min, max", "matches if the qname's length on the wire is less than `min` or more than `max` bytes" }, + { "QPSAction", true, "maxqps", "Drop a packet if it does exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise" }, + { "QPSPoolAction", true, "maxqps, poolname", "Send the packet into the specified pool only if it does not exceed the maxqps queries per second limits. Letting the subsequent rules apply otherwise" }, + { "QTypeRule", true, "qtype", "matches queries with the specified qtype" }, + { "RCodeAction", true, "rcode", "Reply immediately by turning the query into a response with the specified rcode" }, + { "RCodeRule", true, "rcode", "matches responses with the specified rcode" }, + { "RDRule", true, "", "Matches queries with the RD flag set" }, + { "RecordsCountRule", true, "section, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records in the section section. section can be specified as an integer or as a DNS Packet Sections" }, + { "RecordsTypeCountRule", true, "section, qtype, minCount, maxCount", "Matches if there is at least minCount and at most maxCount records of type type in the section section" }, + { "RegexRule", true, "regex", "matches the query name against the supplied regex" }, + { "registerDynBPFFilter", true, "DynBPFFilter", "register this dynamic BPF filter into the web interface so that its counters are displayed" }, + { "reloadAllCertificates", true, "", "reload all DNSCrypt and TLS certificates, along with their associated keys" }, + { "RemoteLogAction", true, "RemoteLogger [, alterFunction [, serverID]]", "send the content of this query to a remote logger via Protocol Buffer. `alterFunction` is a callback, receiving a DNSQuestion and a DNSDistProtoBufMessage, that can be used to modify the Protocol Buffer content, for example for anonymization purposes. `serverID` is the server identifier." }, + { "RemoteLogResponseAction", true, "RemoteLogger [,alterFunction [,includeCNAME [, serverID]]]", "send the content of this response to a remote logger via Protocol Buffer. `alterFunction` is the same callback than the one in `RemoteLogAction` and `includeCNAME` indicates whether CNAME records inside the response should be parsed and exported. The default is to only exports A and AAAA records. `serverID` is the server identifier." }, + { "requestTCPStatesDump", true, "", "Request a dump of the TCP states (incoming connections, outgoing connections) during the next scan. Useful for debugging purposes only" }, + { "rmACL", true, "netmask", "remove netmask from ACL" }, + { "rmCacheHitResponseRule", true, "id", "remove cache hit response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID" }, + { "rmResponseRule", true, "id", "remove response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID" }, + { "rmRule", true, "id", "remove rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID" }, + { "rmSelfAnsweredResponseRule", true, "id", "remove self-answered response rule in position 'id', or whose uuid matches if 'id' is an UUID string, or finally whose name matches if 'id' is a string but not a valid UUID" }, + { "rmServer", true, "id", "remove server with index 'id' or whose uuid matches if 'id' is an UUID string" }, + { "roundrobin", false, "", "Simple round robin over available servers" }, + { "sendCustomTrap", true, "str", "send a custom `SNMP` trap from Lua, containing the `str` string"}, + { "setACL", true, "{netmask, netmask}", "replace the ACL set with these netmasks. Use `setACL({})` to reset the list, meaning no one can use us" }, + { "setACLFromFile", true, "file", "replace the ACL set with netmasks in this file" }, + { "setAddEDNSToSelfGeneratedResponses", true, "add", "set whether to add EDNS to self-generated responses, provided that the initial query had EDNS" }, + { "setAllowEmptyResponse", true, "allow", "Set to true (defaults to false) to allow empty responses (qdcount=0) with a NoError or NXDomain rcode (default) from backends" }, + { "setAPIWritable", true, "bool, dir", "allow modifications via the API. if `dir` is set, it must be a valid directory where the configuration files will be written by the API" }, + { "setCacheCleaningDelay", true, "num", "Set the interval in seconds between two runs of the cache cleaning algorithm, removing expired entries" }, + { "setCacheCleaningPercentage", true, "num", "Set the percentage of the cache that the cache cleaning algorithm will try to free by removing expired entries. By default (100), all expired entries are remove" }, + { "setConsistentHashingBalancingFactor", true, "factor", "Set the balancing factor for bounded-load consistent hashing" }, + { "setConsoleACL", true, "{netmask, netmask}", "replace the console ACL set with these netmasks" }, + { "setConsoleConnectionsLogging", true, "enabled", "whether to log the opening and closing of console connections" }, + { "setConsoleMaximumConcurrentConnections", true, "max", "Set the maximum number of concurrent console connections" }, + { "setConsoleOutputMaxMsgSize", true, "messageSize", "set console message maximum size in bytes, default is 10 MB" }, + { "setDefaultBPFFilter", true, "filter", "When used at configuration time, the corresponding BPFFilter will be attached to every bind" }, + { "setDoHDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle DoH downstream connections" }, + { "setDoHDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream DoH connection to a backend might stay idle" }, + { "setDynBlocksAction", true, "action", "set which action is performed when a query is blocked. Only DNSAction.Drop (the default) and DNSAction.Refused are supported" }, + { "setDynBlocksPurgeInterval", true, "sec", "set how often the expired dynamic block entries should be removed" }, + { "setDropEmptyQueries", true, "drop", "Whether to drop empty queries right away instead of sending a NOTIMP response" }, + { "setECSOverride", true, "bool", "whether to override an existing EDNS Client Subnet value in the query" }, + { "setECSSourcePrefixV4", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv4 queries" }, + { "setECSSourcePrefixV6", true, "prefix-length", "the EDNS Client Subnet prefix-length used for IPv6 queries" }, + { "setKey", true, "key", "set access key to that key" }, + { "setLocal", true, "addr [, {doTCP=true, reusePort=false, tcpFastOpenQueueSize=0, interface=\"\", cpus={}}]", "reset the list of addresses we listen on to this address" }, + { "setMaxCachedDoHConnectionsPerDownstream", true, "max", "Set the maximum number of inactive DoH connections to a backend cached by each worker DoH thread" }, + { "setMaxCachedTCPConnectionsPerDownstream", true, "max", "Set the maximum number of inactive TCP connections to a backend cached by each worker TCP thread" }, + { "setMaxTCPClientThreads", true, "n", "set the maximum of TCP client threads, handling TCP connections" }, + { "setMaxTCPConnectionDuration", true, "n", "set the maximum duration of an incoming TCP connection, in seconds. 0 means unlimited" }, + { "setMaxTCPConnectionsPerClient", true, "n", "set the maximum number of TCP connections per client. 0 means unlimited" }, + { "setMaxTCPQueriesPerConnection", true, "n", "set the maximum number of queries in an incoming TCP connection. 0 means unlimited" }, + { "setMaxTCPQueuedConnections", true, "n", "set the maximum number of TCP connections queued (waiting to be picked up by a client thread)" }, + { "setMaxUDPOutstanding", true, "n", "set the maximum number of outstanding UDP queries to a given backend server. This can only be set at configuration time and defaults to 65535" }, + { "setPayloadSizeOnSelfGeneratedAnswers", true, "payloadSize", "set the UDP payload size advertised via EDNS on self-generated responses" }, + { "setPoolServerPolicy", true, "policy, pool", "set the server selection policy for this pool to that policy" }, + { "setPoolServerPolicyLua", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'" }, + { "setPoolServerPolicyLuaFFI", true, "name, function, pool", "set the server selection policy for this pool to one named 'name' and provided by 'function'" }, + { "setPoolServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy for this pool to one named 'name' and returned by the Lua FFI code passed in 'code'" }, + { "setProxyProtocolACL", true, "{netmask, netmask}", "Set the netmasks who are allowed to send Proxy Protocol headers in front of queries/connections" }, + { "setProxyProtocolApplyACLToProxiedClients", true, "apply", "Whether the general ACL should be applied to the source IP address gathered from a Proxy Protocol header, in addition to being first applied to the source address seen by dnsdist" }, + { "setProxyProtocolMaximumPayloadSize", true, "max", "Set the maximum size of a Proxy Protocol payload, in bytes" }, + { "setQueryCount", true, "bool", "set whether queries should be counted" }, + { "setQueryCountFilter", true, "func", "filter queries that would be counted, where `func` is a function with parameter `dq` which decides whether a query should and how it should be counted" }, + { "setRingBuffersLockRetries", true, "n", "set the number of attempts to get a non-blocking lock to a ringbuffer shard before blocking" }, + { "setRingBuffersSize", true, "n [, numberOfShards]", "set the capacity of the ringbuffers used for live traffic inspection to `n`, and optionally the number of shards to use to `numberOfShards`" }, + { "setRoundRobinFailOnNoServer", true, "value", "By default the roundrobin load-balancing policy will still try to select a backend even if all backends are currently down. Setting this to true will make the policy fail and return that no server is available instead" }, + { "setRules", true, "list of rules", "replace the current rules with the supplied list of pairs of DNS Rules and DNS Actions (see `newRuleAction()`)" }, + { "setSecurityPollInterval", true, "n", "set the security polling interval to `n` seconds" }, + { "setSecurityPollSuffix", true, "suffix", "set the security polling suffix to the specified value" }, + { "setServerPolicy", true, "policy", "set server selection policy to that policy" }, + { "setServerPolicyLua", true, "name, function", "set server selection policy to one named 'name' and provided by 'function'" }, + { "setServerPolicyLuaFFI", true, "name, function", "set server selection policy to one named 'name' and provided by the Lua FFI 'function'" }, + { "setServerPolicyLuaFFIPerThread", true, "name, code", "set server selection policy to one named 'name' and returned by the Lua FFI code passed in 'code'" }, + { "setServFailWhenNoServer", true, "bool", "if set, return a ServFail when no servers are available, instead of the default behaviour of dropping the query" }, + { "setStaleCacheEntriesTTL", true, "n", "allows using cache entries expired for at most n seconds when there is no backend available to answer for a query" }, + { "setSyslogFacility", true, "facility", "set the syslog logging facility to 'facility'. Defaults to LOG_DAEMON" }, + { "setTCPDownstreamCleanupInterval", true, "interval", "minimum interval in seconds between two cleanups of the idle TCP downstream connections" }, + { "setTCPDownstreamMaxIdleTime", true, "time", "Maximum time in seconds that a downstream TCP connection to a backend might stay idle" }, + { "setTCPInternalPipeBufferSize", true, "size", "Set the size in bytes of the internal buffer of the pipes used internally to distribute connections to TCP (and DoT) workers threads" }, + { "setTCPRecvTimeout", true, "n", "set the read timeout on TCP connections from the client, in seconds" }, + { "setTCPSendTimeout", true, "n", "set the write timeout on TCP connections from the client, in seconds" }, + { "setUDPMultipleMessagesVectorSize", true, "n", "set the size of the vector passed to recvmmsg() to receive UDP messages. Default to 1 which means that the feature is disabled and recvmsg() is used instead" }, + { "setUDPSocketBufferSizes", true, "recv, send", "Set the size of the receive (SO_RCVBUF) and send (SO_SNDBUF) buffers for incoming UDP sockets" }, + { "setUDPTimeout", true, "n", "set the maximum time dnsdist will wait for a response from a backend over UDP, in seconds" }, + { "setVerboseHealthChecks", true, "bool", "set whether health check errors will be logged" }, + { "setWebserverConfig", true, "[{password=string, apiKey=string, customHeaders, statsRequireAuthentication}]", "Updates webserver configuration" }, + { "setWeightedBalancingFactor", true, "factor", "Set the balancing factor for bounded-load weighted policies (whashed, wrandom)" }, + { "setWHashedPertubation", true, "value", "Set the hash perturbation value to be used in the whashed policy instead of a random one, allowing to have consistent whashed results on different instance" }, + { "show", true, "string", "outputs `string`" }, + { "showACL", true, "", "show our ACL set" }, + { "showBinds", true, "", "show listening addresses (frontends)" }, + { "showCacheHitResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined cache hit response rules, optionally with their UUIDs and optionally truncated to a given width" }, + { "showConsoleACL", true, "", "show our current console ACL set" }, + { "showDNSCryptBinds", true, "", "display the currently configured DNSCrypt binds" }, + { "showDOHFrontends", true, "", "list all the available DOH frontends" }, + { "showDOHResponseCodes", true, "", "show the HTTP response code statistics for the DoH frontends"}, + { "showDynBlocks", true, "", "show dynamic blocks in force" }, + { "showPools", true, "", "show the available pools" }, + { "showPoolServerPolicy", true, "pool", "show server selection policy for this pool" }, + { "showResponseLatency", true, "", "show a plot of the response time latency distribution" }, + { "showResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined response rules, optionally with their UUIDs and optionally truncated to a given width" }, + { "showRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined rules, optionally with their UUIDs and optionally truncated to a given width" }, + { "showSecurityStatus", true, "", "Show the security status"}, + { "showSelfAnsweredResponseRules", true, "[{showUUIDs=false, truncateRuleWidth=-1}]", "show all defined self-answered response rules, optionally with their UUIDs and optionally truncated to a given width" }, + { "showServerPolicy", true, "", "show name of currently operational server selection policy" }, + { "showServers", true, "[{showUUIDs=false}]", "output all servers, optionally with their UUIDs" }, + { "showTCPStats", true, "", "show some statistics regarding TCP" }, + { "showTLSContexts", true, "", "list all the available TLS contexts" }, + { "showTLSErrorCounters", true, "", "show metrics about TLS handshake failures" }, + { "showVersion", true, "", "show the current version" }, + { "showWebserverConfig", true, "", "Show the current webserver configuration" }, + { "shutdown", true, "", "shut down `dnsdist`" }, + { "snmpAgent", true, "enableTraps [, daemonSocket]", "enable `SNMP` support. `enableTraps` is a boolean indicating whether traps should be sent and `daemonSocket` an optional string specifying how to connect to the daemon agent"}, + { "SetAdditionalProxyProtocolValueAction", true, "type, value", "Add a Proxy Protocol TLV value of this type" }, + { "SetDisableECSAction", true, "", "Disable the sending of ECS to the backend. Subsequent rules are processed after this action." }, + { "SetDisableValidationAction", true, "", "set the CD bit in the question, let it go through" }, + { "SetECSAction", true, "v4[, v6]", "Set the ECS prefix and prefix length sent to backends to an arbitrary value" }, + { "SetECSOverrideAction", true, "override", "Whether an existing EDNS Client Subnet value should be overridden (true) or not (false). Subsequent rules are processed after this action" }, + { "SetECSPrefixLengthAction", true, "v4, v6", "Set the ECS prefix length. Subsequent rules are processed after this action" }, + { "SetMacAddrAction", true, "option", "Add the source MAC address to the query as EDNS0 option option. This action is currently only supported on Linux. Subsequent rules are processed after this action" }, + { "SetEDNSOptionAction", true, "option, data", "Add arbitrary EDNS option and data to the query. Subsequent rules are processed after this action" }, + { "SetNoRecurseAction", true, "", "strip RD bit from the question, let it go through" }, + { "setOutgoingDoHWorkerThreads", true, "n", "Number of outgoing DoH worker threads" }, + { "SetProxyProtocolValuesAction", true, "values", "Set the Proxy-Protocol values for this queries to 'values'" }, + { "SetSkipCacheAction", true, "", "Don’t lookup the cache for this query, don’t store the answer" }, + { "SetSkipCacheResponseAction", true, "", "Don’t store this response into the cache" }, + { "SetTagAction", true, "name, value", "set the tag named 'name' to the given value" }, + { "SetTagResponseAction", true, "name, value", "set the tag named 'name' to the given value" }, + { "SetTempFailureCacheTTLAction", true, "ttl", "set packetcache TTL for temporary failure replies" }, + { "SNIRule", true, "name", "Create a rule which matches on the incoming TLS SNI value, if any (DoT or DoH)" }, + { "SNMPTrapAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the query description"}, + { "SNMPTrapResponseAction", true, "[reason]", "send an SNMP trap, adding the optional `reason` string as the response description"}, + { "SpoofAction", true, "ip|list of ips [, options]", "forge a response with the specified IPv4 (for an A query) or IPv6 (for an AAAA). If you specify multiple addresses, all that match the query type (A, AAAA or ANY) will get spoofed in" }, + { "SpoofCNAMEAction", true, "cname [, options]", "Forge a response with the specified CNAME value" }, + { "SpoofRawAction", true, "raw|list of raws [, options]", "Forge a response with the specified record data as raw bytes. If you specify multiple raws (it is assumed they match the query type), all will get spoofed in" }, + { "SpoofSVCAction", true, "list of svcParams [, options]", "Forge a response with the specified SVC record data" } , + { "SuffixMatchNodeRule", true, "smn[, quiet]", "Matches based on a group of domain suffixes for rapid testing of membership. Pass true as second parameter to prevent listing of all domains matched" }, + { "TagRule", true, "name [, value]", "matches if the tag named 'name' is present, with the given 'value' matching if any" }, + { "TCAction", true, "", "create answer to query with TC and RD bits set, to move to TCP" }, + { "TCPRule", true, "[tcp]", "Matches question received over TCP if tcp is true, over UDP otherwise" }, + { "TeeAction", true, "remote [, addECS]", "send copy of query to remote, optionally adding ECS info" }, + { "testCrypto", true, "", "test of the crypto all works" }, + { "TimedIPSetRule", true, "", "Create a rule which matches a set of IP addresses which expire"}, + { "topBandwidth", true, "top", "show top-`top` clients that consume the most bandwidth over length of ringbuffer" }, + { "topCacheHitResponseRules", true, "[top][, vars]", "show `top` cache-hit response rules" }, + { "topClients", true, "n", "show top-`n` clients sending the most queries over length of ringbuffer" }, + { "topQueries", true, "n[, labels]", "show top 'n' queries, as grouped when optionally cut down to 'labels' labels" }, + { "topResponses", true, "n, kind[, labels]", "show top 'n' responses with RCODE=kind (0=NO Error, 2=ServFail, 3=NXDomain), as grouped when optionally cut down to 'labels' labels" }, + { "topResponseRules", true, "[top][, vars]", "show `top` response rules" }, + { "topRules", true, "[top][, vars]", "show `top` rules" }, + { "topSelfAnsweredResponseRules", true, "[top][, vars]", "show `top` self-answered response rules" }, + { "topSlow", true, "[top][, limit][, labels]", "show `top` queries slower than `limit` milliseconds, grouped by last `labels` labels" }, + { "TrailingDataRule", true, "", "Matches if the query has trailing data" }, + { "truncateTC", true, "bool", "if set (defaults to no starting with dnsdist 1.2.0) truncate TC=1 answers so they are actually empty. Fixes an issue for PowerDNS Authoritative Server 2.9.22. Note: turning this on breaks compatibility with RFC 6891." }, + { "unregisterDynBPFFilter", true, "DynBPFFilter", "unregister this dynamic BPF filter" }, + { "webserver", true, "address:port", "launch a webserver with stats on that address" }, + { "whashed", false, "", "Weighted hashed ('sticky') distribution over available servers, based on the server 'weight' parameter" }, + { "chashed", false, "", "Consistent hashed ('sticky') distribution over available servers, also based on the server 'weight' parameter" }, + { "wrandom", false, "", "Weighted random over available servers, based on the server 'weight' parameter" }, +}; + +extern "C" { +static char* my_generator(const char* text, int state) +{ + string t(text); + /* to keep it readable, we try to keep only 4 keywords per line + and to start a new line when the first letter changes */ + static int s_counter=0; + int counter=0; + if(!state) + s_counter=0; + + for(const auto& keyword : g_consoleKeywords) { + if(boost::starts_with(keyword.name, t) && counter++ == s_counter) { + std::string value(keyword.name); + s_counter++; + if (keyword.function) { + value += "("; + if (keyword.parameters.empty()) { + value += ")"; + } + } + return strdup(value.c_str()); + } + } + return 0; +} + +char** my_completion( const char * text , int start, int end) +{ + char **matches=0; + if (start == 0) + matches = rl_completion_matches ((char*)text, &my_generator); + + // skip default filename completion. + rl_attempted_completion_over = 1; + + return matches; +} +} + +static void controlClientThread(ConsoleConnection&& conn) +{ + try + { + setThreadName("dnsdist/conscli"); + + setTCPNoDelay(conn.getFD()); + + SodiumNonce theirs, ours, readingNonce, writingNonce; + ours.init(); + readn2(conn.getFD(), (char*)theirs.value, sizeof(theirs.value)); + writen2(conn.getFD(), (char*)ours.value, sizeof(ours.value)); + readingNonce.merge(ours, theirs); + writingNonce.merge(theirs, ours); + + for(;;) { + uint32_t len; + if (!getMsgLen32(conn.getFD(), &len)) { + break; + } + + if (len == 0) { + /* just ACK an empty message + with an empty response */ + putMsgLen32(conn.getFD(), 0); + continue; + } + + std::string line; + line.resize(len); + readn2(conn.getFD(), line.data(), len); + + line = sodDecryptSym(line, g_consoleKey, readingNonce); + + string response; + try { + bool withReturn=true; + retry:; + try { + auto lua = g_lua.lock(); + + g_outputBuffer.clear(); + resetLuaSideEffect(); + auto ret = lua->executeCode< + boost::optional< + boost::variant< + string, + shared_ptr, + ClientState*, + std::unordered_map + > + > + >(withReturn ? ("return "+line) : line); + + if(ret) { + if (const auto dsValue = boost::get>(&*ret)) { + if (*dsValue) { + response=(*dsValue)->getName()+"\n"; + } else { + response=""; + } + } + else if (const auto csValue = boost::get(&*ret)) { + if (*csValue) { + response=(*csValue)->local.toStringWithPort()+"\n"; + } else { + response=""; + } + } + else if (const auto strValue = boost::get(&*ret)) { + response=*strValue+"\n"; + } + else if(const auto um = boost::get >(&*ret)) { + using namespace json11; + Json::object o; + for(const auto& v : *um) + o[v.first]=v.second; + Json out = o; + response=out.dump()+"\n"; + } + } + else + response=g_outputBuffer; + if(!getLuaNoSideEffect()) + feedConfigDelta(line); + } + catch(const LuaContext::SyntaxErrorException&) { + if(withReturn) { + withReturn=false; + goto retry; + } + throw; + } + } + catch(const LuaContext::WrongTypeException& e) { + response = "Command returned an object we can't print: " +std::string(e.what()) + "\n"; + // tried to return something we don't understand + } + catch(const LuaContext::ExecutionErrorException& e) { + if(!strcmp(e.what(),"invalid key to 'next'")) + response = "Error: Parsing function parameters, did you forget parameter name?"; + else + response = "Error: " + string(e.what()); + try { + std::rethrow_if_nested(e); + } catch(const std::exception& ne) { + // ne is the exception that was thrown from inside the lambda + response+= ": " + string(ne.what()); + } + catch(const PDNSException& ne) { + // ne is the exception that was thrown from inside the lambda + response += ": " + string(ne.reason); + } + } + catch(const LuaContext::SyntaxErrorException& e) { + response = "Error: " + string(e.what()) + ": "; + } + response = sodEncryptSym(response, g_consoleKey, writingNonce); + putMsgLen32(conn.getFD(), response.length()); + writen2(conn.getFD(), response.c_str(), response.length()); + } + if (g_logConsoleConnections) { + infolog("Closed control connection from %s", conn.getClient().toStringWithPort()); + } + } + catch (const std::exception& e) + { + errlog("Got an exception in client connection from %s: %s", conn.getClient().toStringWithPort(), e.what()); + } +} + +void controlThread(int fd, ComboAddress local) +{ + try + { + setThreadName("dnsdist/control"); + ComboAddress client; + int sock; + auto localACL = g_consoleACL.getLocal(); + infolog("Accepting control connections on %s", local.toStringWithPort()); + + while ((sock = SAccept(fd, client)) >= 0) { + + if (!sodIsValidKey(g_consoleKey)) { + vinfolog("Control connection from %s dropped because we don't have a valid key configured, please configure one using setKey()", client.toStringWithPort()); + close(sock); + continue; + } + + if (!localACL->match(client)) { + vinfolog("Control connection from %s dropped because of ACL", client.toStringWithPort()); + close(sock); + continue; + } + + try { + ConsoleConnection conn(client, sock); + if (g_logConsoleConnections) { + warnlog("Got control connection from %s", client.toStringWithPort()); + } + + std::thread t(controlClientThread, std::move(conn)); + t.detach(); + } + catch (const std::exception& e) { + errlog("Control connection died: %s", e.what()); + } + } + } + catch (const std::exception& e) + { + close(fd); + errlog("Control thread died: %s", e.what()); + } +} + +void clearConsoleHistory() +{ + clear_history(); + g_confDelta.clear(); +} diff --git a/dnsdist-console.hh b/dnsdist-console.hh new file mode 100644 index 0000000..5697c8a --- /dev/null +++ b/dnsdist-console.hh @@ -0,0 +1,56 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +struct ConsoleKeyword { + std::string name; + bool function; + std::string parameters; + std::string description; + std::string toString() const + { + std::string res(name); + if (function) { + res += "(" + parameters + ")"; + } + res += ": "; + res += description; + return res; + } +}; + +extern GlobalStateHolder g_consoleACL; +extern const std::vector g_consoleKeywords; +extern std::string g_consoleKey; // in theory needs locking +extern bool g_logConsoleConnections; +extern bool g_consoleEnabled; +extern uint32_t g_consoleOutputMsgMaxSize; + +void doClient(ComboAddress server, const std::string& command); +void doConsole(); +extern "C" { +char** my_completion( const char * text , int start, int end); +} +void controlThread(int fd, ComboAddress local); +void clearConsoleHistory(); + +void setConsoleMaximumConcurrentConnections(size_t max); diff --git a/dnsdist-dnscrypt.cc b/dnsdist-dnscrypt.cc new file mode 100644 index 0000000..9930144 --- /dev/null +++ b/dnsdist-dnscrypt.cc @@ -0,0 +1,49 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dolog.hh" +#include "dnsdist.hh" +#include "dnscrypt.hh" + +#ifdef HAVE_DNSCRYPT +int handleDNSCryptQuery(PacketBuffer& packet, DNSCryptQuery& query, bool tcp, time_t now, PacketBuffer& response) +{ + query.parsePacket(packet, tcp, now); + + if (query.isValid() == false) { + vinfolog("Dropping DNSCrypt invalid query"); + return false; + } + + if (query.isEncrypted() == false) { + query.getCertificateResponse(now, response); + + return false; + } + + if (packet.size() < static_cast(sizeof(struct dnsheader))) { + ++g_stats.nonCompliantQueries; + return false; + } + + return true; +} +#endif diff --git a/dnsdist-dynblocks.cc b/dnsdist-dynblocks.cc new file mode 100644 index 0000000..30d4f2c --- /dev/null +++ b/dnsdist-dynblocks.cc @@ -0,0 +1,756 @@ + +#include "dnsdist.hh" +#include "dnsdist-dynblocks.hh" + +GlobalStateHolder> g_dynblockNMG; +GlobalStateHolder> g_dynblockSMT; +DNSAction::Action g_dynBlockAction = DNSAction::Action::Drop; + +void DynBlockRulesGroup::apply(const struct timespec& now) +{ + counts_t counts; + StatNode statNodeRoot; + + size_t entriesCount = 0; + if (hasQueryRules()) { + entriesCount += g_rings.getNumberOfQueryEntries(); + } + if (hasResponseRules()) { + entriesCount += g_rings.getNumberOfResponseEntries(); + } + counts.reserve(entriesCount); + + processQueryRules(counts, now); + processResponseRules(counts, statNodeRoot, now); + + if (counts.empty() && statNodeRoot.empty()) { + return; + } + + boost::optional > blocks; + bool updated = false; + + for (const auto& entry : counts) { + const auto& requestor = entry.first; + const auto& counters = entry.second; + + if (d_queryRateRule.warningRateExceeded(counters.queries, now)) { + handleWarning(blocks, now, requestor, d_queryRateRule, updated); + } + + if (d_queryRateRule.rateExceeded(counters.queries, now)) { + addBlock(blocks, now, requestor, d_queryRateRule, updated); + continue; + } + + if (d_respRateRule.warningRateExceeded(counters.respBytes, now)) { + handleWarning(blocks, now, requestor, d_respRateRule, updated); + } + + if (d_respRateRule.rateExceeded(counters.respBytes, now)) { + addBlock(blocks, now, requestor, d_respRateRule, updated); + continue; + } + + for (const auto& pair : d_qtypeRules) { + const auto qtype = pair.first; + + const auto& typeIt = counters.d_qtypeCounts.find(qtype); + if (typeIt != counters.d_qtypeCounts.cend()) { + + if (pair.second.warningRateExceeded(typeIt->second, now)) { + handleWarning(blocks, now, requestor, pair.second, updated); + } + + if (pair.second.rateExceeded(typeIt->second, now)) { + addBlock(blocks, now, requestor, pair.second, updated); + break; + } + } + } + + for (const auto& pair : d_rcodeRules) { + const auto rcode = pair.first; + + const auto& rcodeIt = counters.d_rcodeCounts.find(rcode); + if (rcodeIt != counters.d_rcodeCounts.cend()) { + if (pair.second.warningRateExceeded(rcodeIt->second, now)) { + handleWarning(blocks, now, requestor, pair.second, updated); + } + + if (pair.second.rateExceeded(rcodeIt->second, now)) { + addBlock(blocks, now, requestor, pair.second, updated); + break; + } + } + } + + for (const auto& pair : d_rcodeRatioRules) { + const auto rcode = pair.first; + + const auto& rcodeIt = counters.d_rcodeCounts.find(rcode); + if (rcodeIt != counters.d_rcodeCounts.cend()) { + if (pair.second.warningRatioExceeded(counters.responses, rcodeIt->second)) { + handleWarning(blocks, now, requestor, pair.second, updated); + } + + if (pair.second.ratioExceeded(counters.responses, rcodeIt->second)) { + addBlock(blocks, now, requestor, pair.second, updated); + break; + } + } + } + } + + if (updated && blocks) { + g_dynblockNMG.setState(std::move(*blocks)); + } + + if (!statNodeRoot.empty()) { + StatNode::Stat node; + std::unordered_map> namesToBlock; + statNodeRoot.visit([this,&namesToBlock](const StatNode* node_, const StatNode::Stat& self, const StatNode::Stat& children) { + bool block = false; + std::optional reason; + + if (d_smtVisitorFFI) { + dnsdist_ffi_stat_node_t tmp(*node_, self, children, reason); + block = d_smtVisitorFFI(&tmp); + } + else { + auto ret = d_smtVisitor(*node_, self, children); + block = std::get<0>(ret); + if (block) { + if (boost::optional tmp = std::get<1>(ret)) { + reason = std::move(*tmp); + } + } + } + + if (block) { + namesToBlock.insert({DNSName(node_->fullname), std::move(reason)}); + } + }, + node); + + if (!namesToBlock.empty()) { + updated = false; + SuffixMatchTree smtBlocks = g_dynblockSMT.getCopy(); + for (auto& [name, reason] : namesToBlock) { + if (reason) { + DynBlockRule rule(d_suffixMatchRule); + rule.d_blockReason = std::move(*reason); + addOrRefreshBlockSMT(smtBlocks, now, std::move(name), std::move(rule), updated); + } + else { + addOrRefreshBlockSMT(smtBlocks, now, std::move(name), d_suffixMatchRule, updated); + } + } + if (updated) { + g_dynblockSMT.setState(std::move(smtBlocks)); + } + } + } +} + +bool DynBlockRulesGroup::checkIfQueryTypeMatches(const Rings::Query& query) +{ + auto rule = d_qtypeRules.find(query.qtype); + if (rule == d_qtypeRules.end()) { + return false; + } + + return rule->second.matches(query.when); +} + +bool DynBlockRulesGroup::checkIfResponseCodeMatches(const Rings::Response& response) +{ + auto rule = d_rcodeRules.find(response.dh.rcode); + if (rule != d_rcodeRules.end() && rule->second.matches(response.when)) { + return true; + } + + auto ratio = d_rcodeRatioRules.find(response.dh.rcode); + if (ratio != d_rcodeRatioRules.end() && ratio->second.matches(response.when)) { + return true; + } + + return false; +} + +/* return the actual action that will be taken by that block: + - either the one set on that block, if any + - or the one set with setDynBlocksAction in g_dynBlockAction +*/ +static DNSAction::Action getActualAction(const DynBlock& block) +{ + if (block.action != DNSAction::Action::None) { + return block.action; + } + return g_dynBlockAction; +} + +void DynBlockRulesGroup::addOrRefreshBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning) +{ + /* network exclusions are address-based only (no port) */ + if (d_excludedSubnets.match(requestor.getNetwork())) { + /* do not add a block for excluded subnets */ + return; + } + + if (!blocks) { + blocks = g_dynblockNMG.getCopy(); + } + struct timespec until = now; + until.tv_sec += rule.d_blockDuration; + unsigned int count = 0; + const auto& got = blocks->lookup(requestor); + bool expired = false; + bool wasWarning = false; + bool bpf = false; + + if (got) { + bpf = got->second.bpf; + + if (warning && !got->second.warning) { + /* we have an existing entry which is not a warning, + don't override it */ + return; + } + else if (!warning && got->second.warning) { + wasWarning = true; + } + else { + if (until < got->second.until) { + // had a longer policy + return; + } + } + + if (now < got->second.until) { + // only inherit count on fresh query we are extending + count = got->second.blocks; + } + else { + expired = true; + } + } + + DynBlock db{rule.d_blockReason, until, DNSName(), warning ? DNSAction::Action::NoOp : rule.d_action}; + db.blocks = count; + db.warning = warning; + if (!got || expired || wasWarning) { + const auto actualAction = getActualAction(db); + if (g_defaultBPFFilter && + ((requestor.isIPv4() && requestor.getBits() == 32) || (requestor.isIPv6() && requestor.getBits() == 128)) && + (actualAction == DNSAction::Action::Drop || actualAction == DNSAction::Action::Truncate)) { + try { + BPFFilter::MatchAction bpfAction = actualAction == DNSAction::Action::Drop ? BPFFilter::MatchAction::Drop : BPFFilter::MatchAction::Truncate; + if (g_defaultBPFFilter->supportsMatchAction(bpfAction)) { + /* the current BPF filter implementation only supports full addresses (/32 or /128) and no port */ + g_defaultBPFFilter->block(requestor.getNetwork(), bpfAction); + bpf = true; + } + } + catch (const std::exception& e) { + vinfolog("Unable to insert eBPF dynamic block for %s, falling back to regular dynamic block: %s", requestor.toString(), e.what()); + } + } + + if (!d_beQuiet) { + warnlog("Inserting %sdynamic block for %s for %d seconds: %s", warning ? "(warning) " :"", requestor.toString(), rule.d_blockDuration, rule.d_blockReason); + } + } + + db.bpf = bpf; + + blocks->insert(requestor).second = std::move(db); + + updated = true; +} + +void DynBlockRulesGroup::addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated) +{ + if (d_excludedDomains.check(name)) { + /* do not add a block for excluded domains */ + return; + } + + struct timespec until = now; + until.tv_sec += rule.d_blockDuration; + unsigned int count = 0; + /* be careful, if you try to insert a longer suffix + lookup() might return a shorter one if it is + already in the tree as a final node */ + const DynBlock* got = blocks.lookup(name); + if (got && got->domain != name) { + got = nullptr; + } + bool expired = false; + + if (got) { + if (until < got->until) { + // had a longer policy + return; + } + + if (now < got->until) { + // only inherit count on fresh query we are extending + count = got->blocks; + } + else { + expired = true; + } + } + + DynBlock db{rule.d_blockReason, until, name.makeLowerCase(), rule.d_action}; + db.blocks = count; + + if (!d_beQuiet && (!got || expired)) { + warnlog("Inserting dynamic block for %s for %d seconds: %s", name, rule.d_blockDuration, rule.d_blockReason); + } + blocks.add(name, std::move(db)); + updated = true; +} + +void DynBlockRulesGroup::processQueryRules(counts_t& counts, const struct timespec& now) +{ + if (!hasQueryRules()) { + return; + } + + d_queryRateRule.d_cutOff = d_queryRateRule.d_minTime = now; + d_queryRateRule.d_cutOff.tv_sec -= d_queryRateRule.d_seconds; + + for (auto& rule : d_qtypeRules) { + rule.second.d_cutOff = rule.second.d_minTime = now; + rule.second.d_cutOff.tv_sec -= rule.second.d_seconds; + } + + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->queryRing.lock(); + for(const auto& c : *rl) { + if (now < c.when) { + continue; + } + + bool qRateMatches = d_queryRateRule.matches(c.when); + bool typeRuleMatches = checkIfQueryTypeMatches(c); + + if (qRateMatches || typeRuleMatches) { + auto& entry = counts[AddressAndPortRange(c.requestor, c.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; + if (qRateMatches) { + ++entry.queries; + } + if (typeRuleMatches) { + ++entry.d_qtypeCounts[c.qtype]; + } + } + } + } +} + +void DynBlockRulesGroup::processResponseRules(counts_t& counts, StatNode& root, const struct timespec& now) +{ + if (!hasResponseRules() && !hasSuffixMatchRules()) { + return; + } + + struct timespec responseCutOff = now; + + d_respRateRule.d_cutOff = d_respRateRule.d_minTime = now; + d_respRateRule.d_cutOff.tv_sec -= d_respRateRule.d_seconds; + if (d_respRateRule.d_cutOff < responseCutOff) { + responseCutOff = d_respRateRule.d_cutOff; + } + + d_suffixMatchRule.d_cutOff = d_suffixMatchRule.d_minTime = now; + d_suffixMatchRule.d_cutOff.tv_sec -= d_suffixMatchRule.d_seconds; + if (d_suffixMatchRule.d_cutOff < responseCutOff) { + responseCutOff = d_suffixMatchRule.d_cutOff; + } + + for (auto& rule : d_rcodeRules) { + rule.second.d_cutOff = rule.second.d_minTime = now; + rule.second.d_cutOff.tv_sec -= rule.second.d_seconds; + if (rule.second.d_cutOff < responseCutOff) { + responseCutOff = rule.second.d_cutOff; + } + } + + for (auto& rule : d_rcodeRatioRules) { + rule.second.d_cutOff = rule.second.d_minTime = now; + rule.second.d_cutOff.tv_sec -= rule.second.d_seconds; + if (rule.second.d_cutOff < responseCutOff) { + responseCutOff = rule.second.d_cutOff; + } + } + + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + for(const auto& c : *rl) { + if (now < c.when) { + continue; + } + + if (c.when < responseCutOff) { + continue; + } + + auto& entry = counts[AddressAndPortRange(c.requestor, c.requestor.isIPv4() ? d_v4Mask : d_v6Mask, d_portMask)]; + ++entry.responses; + + bool respRateMatches = d_respRateRule.matches(c.when); + bool suffixMatchRuleMatches = d_suffixMatchRule.matches(c.when); + bool rcodeRuleMatches = checkIfResponseCodeMatches(c); + + if (respRateMatches || rcodeRuleMatches) { + if (respRateMatches) { + entry.respBytes += c.size; + } + if (rcodeRuleMatches) { + ++entry.d_rcodeCounts[c.dh.rcode]; + } + } + + if (suffixMatchRuleMatches) { + root.submit(c.name, ((c.dh.rcode == 0 && c.usec == std::numeric_limits::max()) ? -1 : c.dh.rcode), c.size, boost::none); + } + } + } +} + +void DynBlockMaintenance::purgeExpired(const struct timespec& now) +{ + { + auto blocks = g_dynblockNMG.getLocal(); + std::vector toRemove; + for (const auto& entry : *blocks) { + if (!(now < entry.second.until)) { + toRemove.push_back(entry.first); + if (g_defaultBPFFilter && entry.second.bpf) { + try { + g_defaultBPFFilter->unblock(entry.first.getNetwork()); + } + catch (const std::exception& e) { + vinfolog("Error while removing eBPF dynamic block for %s: %s", entry.first.toString(), e.what()); + } + } + } + } + if (!toRemove.empty()) { + auto updated = g_dynblockNMG.getCopy(); + for (const auto& entry : toRemove) { + updated.erase(entry); + } + g_dynblockNMG.setState(std::move(updated)); + } + } + + { + std::vector toRemove; + auto blocks = g_dynblockSMT.getLocal(); + blocks->visit([&toRemove, now](const SuffixMatchTree& node) { + if (!(now < node.d_value.until)) { + toRemove.push_back(node.d_value.domain); + } + }); + if (!toRemove.empty()) { + auto updated = g_dynblockSMT.getCopy(); + for (const auto& entry : toRemove) { + updated.remove(entry); + } + g_dynblockSMT.setState(std::move(updated)); + } + } +} + +std::map>> DynBlockMaintenance::getTopNetmasks(size_t topN) +{ + std::map>> results; + if (topN == 0) { + return results; + } + + auto blocks = g_dynblockNMG.getLocal(); + for (const auto& entry : *blocks) { + auto& topsForReason = results[entry.second.reason]; + uint64_t value = entry.second.blocks.load(); + + if (g_defaultBPFFilter && entry.second.bpf) { + value += g_defaultBPFFilter->getHits(entry.first.getNetwork()); + } + + if (topsForReason.size() < topN || topsForReason.front().second < value) { + auto newEntry = std::pair(entry.first, value); + + if (topsForReason.size() >= topN) { + topsForReason.pop_front(); + } + + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { + return a.second < b.second; + }), + newEntry); + } + } + + return results; +} + +std::map>> DynBlockMaintenance::getTopSuffixes(size_t topN) +{ + std::map>> results; + if (topN == 0) { + return results; + } + + auto blocks = g_dynblockSMT.getLocal(); + blocks->visit([&results, topN](const SuffixMatchTree& node) { + auto& topsForReason = results[node.d_value.reason]; + if (topsForReason.size() < topN || topsForReason.front().second < node.d_value.blocks) { + auto newEntry = std::pair(node.d_value.domain, node.d_value.blocks.load()); + + if (topsForReason.size() >= topN) { + topsForReason.pop_front(); + } + + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { + return a.second < b.second; + }), + newEntry); + } + }); + + return results; +} + +struct DynBlockEntryStat +{ + size_t sum; + unsigned int lastSeenValue{0}; +}; + +std::list DynBlockMaintenance::s_metricsData; + +LockGuarded DynBlockMaintenance::s_tops; +size_t DynBlockMaintenance::s_topN{20}; +time_t DynBlockMaintenance::s_expiredDynBlocksPurgeInterval{60}; + +void DynBlockMaintenance::collectMetrics() +{ + MetricsSnapshot snapshot; + /* over sampling to get entries that are not in the top N + every time a chance to be at the end */ + snapshot.smtData = getTopSuffixes(s_topN * 5); + snapshot.nmgData = getTopNetmasks(s_topN * 5); + + if (s_metricsData.size() >= 7) { + s_metricsData.pop_front(); + } + s_metricsData.push_back(std::move(snapshot)); +} + +void DynBlockMaintenance::generateMetrics() +{ + if (s_metricsData.empty()) { + return; + } + + /* do NMG */ + std::map> nm; + for (const auto& reason : s_metricsData.front().nmgData) { + auto& reasonStat = nm[reason.first]; + + /* prepare the counters by scanning the oldest entry (N+1) */ + for (const auto& entry : reason.second) { + auto& stat = reasonStat[entry.first]; + stat.sum = 0; + stat.lastSeenValue = entry.second; + } + } + + /* scan all the N entries, updating the counters */ + bool first = true; + for (const auto& snap : s_metricsData) { + if (first) { + first = false; + continue; + } + + auto& nmgData = snap.nmgData; + for (const auto& reason : nmgData) { + auto& reasonStat = nm[reason.first]; + for (const auto& entry : reason.second) { + auto& stat = reasonStat[entry.first]; + if (entry.second < stat.lastSeenValue) { + /* it wrapped, or we did not have a last value */ + stat.sum += entry.second; + } + else { + stat.sum += entry.second - stat.lastSeenValue; + } + stat.lastSeenValue = entry.second; + } + } + } + + /* now we need to get the top N entries (for each "reason") based on our counters (sum of the last N entries) */ + std::map>> topNMGs; + { + for (const auto& reason : nm) { + auto& topsForReason = topNMGs[reason.first]; + for (const auto& entry : reason.second) { + if (topsForReason.size() < s_topN || topsForReason.front().second < entry.second.sum) { + /* Note that this is a gauge, so we need to divide by the number of elapsed seconds */ + auto newEntry = std::pair(entry.first, std::round(entry.second.sum / 60.0)); + if (topsForReason.size() >= s_topN) { + topsForReason.pop_front(); + } + + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { + return a.second < b.second; + }), + newEntry); + } + } + } + } + + /* do SMT */ + std::map> smt; + for (const auto& reason : s_metricsData.front().smtData) { + auto& reasonStat = smt[reason.first]; + + /* prepare the counters by scanning the oldest entry (N+1) */ + for (const auto& entry : reason.second) { + auto& stat = reasonStat[entry.first]; + stat.sum = 0; + stat.lastSeenValue = entry.second; + } + } + + /* scan all the N entries, updating the counters */ + first = true; + for (const auto& snap : s_metricsData) { + if (first) { + first = false; + continue; + } + + auto& smtData = snap.smtData; + for (const auto& reason : smtData) { + auto& reasonStat = smt[reason.first]; + for (const auto& entry : reason.second) { + auto& stat = reasonStat[entry.first]; + if (entry.second < stat.lastSeenValue) { + /* it wrapped, or we did not have a last value */ + stat.sum = entry.second; + } + else { + stat.sum = entry.second - stat.lastSeenValue; + } + stat.lastSeenValue = entry.second; + } + } + } + + /* now we need to get the top N entries (for each "reason") based on our counters (sum of the last N entries) */ + std::map>> topSMTs; + { + for (const auto& reason : smt) { + auto& topsForReason = topSMTs[reason.first]; + for (const auto& entry : reason.second) { + if (topsForReason.size() < s_topN || topsForReason.front().second < entry.second.sum) { + /* Note that this is a gauge, so we need to divide by the number of elapsed seconds */ + auto newEntry = std::pair(entry.first, std::round(entry.second.sum / 60.0)); + if (topsForReason.size() >= s_topN) { + topsForReason.pop_front(); + } + + topsForReason.insert(std::lower_bound(topsForReason.begin(), topsForReason.end(), newEntry, [](const std::pair& a, const std::pair& b) { + return a.second < b.second; + }), + newEntry); + } + } + } + } + + { + auto tops = s_tops.lock(); + tops->topNMGsByReason = std::move(topNMGs); + tops->topSMTsByReason = std::move(topSMTs); + } +} + +void DynBlockMaintenance::run() +{ + /* alright, so the main idea is to: + 1/ clean up the NMG and SMT from expired entries from time to time + 2/ generate metrics that can be used in the API and prometheus endpoints + */ + + static const time_t metricsCollectionInterval = 10; + static const time_t metricsGenerationInterval = 60; + + time_t now = time(nullptr); + time_t nextExpiredPurge = now + s_expiredDynBlocksPurgeInterval; + time_t nextMetricsCollect = now + metricsCollectionInterval; + time_t nextMetricsGeneration = now + metricsGenerationInterval; + + while (true) { + time_t sleepDelay = std::numeric_limits::max(); + if (s_expiredDynBlocksPurgeInterval > 0) { + sleepDelay = std::min(sleepDelay, (nextExpiredPurge - now)); + } + sleepDelay = std::min(sleepDelay, (nextMetricsCollect - now)); + sleepDelay = std::min(sleepDelay, (nextMetricsGeneration - now)); + + sleep(sleepDelay); + + try { + now = time(nullptr); + if (now >= nextMetricsCollect) { + /* every ten seconds we store the top N entries */ + collectMetrics(); + + now = time(nullptr); + nextMetricsCollect = now + metricsCollectionInterval; + } + + if (now >= nextMetricsGeneration) { + generateMetrics(); + + now = time(nullptr); + /* every minute we compute the averaged top N entries of the last 60 seconds, + and update the cached entry. */ + nextMetricsGeneration = now + metricsGenerationInterval; + } + + if (s_expiredDynBlocksPurgeInterval > 0 && now >= nextExpiredPurge) { + struct timespec tspec; + gettime(&tspec); + purgeExpired(tspec); + + now = time(nullptr); + nextExpiredPurge = now + s_expiredDynBlocksPurgeInterval; + } + } + catch (const std::exception& e) { + warnlog("Error in the dynamic block maintenance thread: %s", e.what()); + } + catch (...) { + } + } +} + +std::map>> DynBlockMaintenance::getHitsForTopNetmasks() +{ + return s_tops.lock()->topNMGsByReason; +} + +std::map>> DynBlockMaintenance::getHitsForTopSuffixes() +{ + return s_tops.lock()->topSMTsByReason; +} diff --git a/dnsdist-dynblocks.hh b/dnsdist-dynblocks.hh new file mode 100644 index 0000000..7bd9d97 --- /dev/null +++ b/dnsdist-dynblocks.hh @@ -0,0 +1,437 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include + +#include "dolog.hh" +#include "dnsdist-rings.hh" +#include "statnode.hh" + +#include "dnsdist-lua-inspection-ffi.hh" + +// dnsdist_ffi_stat_node_t is a lightuserdata +template<> +struct LuaContext::Pusher { + static const int minSize = 1; + static const int maxSize = 1; + + static PushedObject push(lua_State* state, dnsdist_ffi_stat_node_t* ptr) noexcept { + lua_pushlightuserdata(state, ptr); + return PushedObject{state, 1}; + } +}; + +typedef std::function dnsdist_ffi_stat_node_visitor_t; + +struct dnsdist_ffi_stat_node_t +{ + dnsdist_ffi_stat_node_t(const StatNode& node_, const StatNode::Stat& self_, const StatNode::Stat& children_, std::optional& reason_): node(node_), self(self_), children(children_), reason(reason_) + { + } + + const StatNode& node; + const StatNode::Stat& self; + const StatNode::Stat& children; + std::optional& reason; +}; + +class DynBlockRulesGroup +{ +private: + + struct Counts + { + std::map d_rcodeCounts; + std::map d_qtypeCounts; + uint64_t queries{0}; + uint64_t responses{0}; + uint64_t respBytes{0}; + }; + + struct DynBlockRule + { + DynBlockRule(): d_enabled(false) + { + } + + DynBlockRule(const std::string& blockReason, unsigned int blockDuration, unsigned int rate, unsigned int warningRate, unsigned int seconds, DNSAction::Action action): d_blockReason(blockReason), d_blockDuration(blockDuration), d_rate(rate), d_warningRate(warningRate), d_seconds(seconds), d_action(action), d_enabled(true) + { + } + + bool matches(const struct timespec& when) + { + if (!d_enabled) { + return false; + } + + if (d_seconds && when < d_cutOff) { + return false; + } + + if (when < d_minTime) { + d_minTime = when; + } + + return true; + } + + bool rateExceeded(unsigned int count, const struct timespec& now) const + { + if (!d_enabled) { + return false; + } + + double delta = d_seconds ? d_seconds : DiffTime(now, d_minTime); + double limit = delta * d_rate; + return (count > limit); + } + + bool warningRateExceeded(unsigned int count, const struct timespec& now) const + { + if (!d_enabled) { + return false; + } + + if (d_warningRate == 0) { + return false; + } + + double delta = d_seconds ? d_seconds : DiffTime(now, d_minTime); + double limit = delta * d_warningRate; + return (count > limit); + } + + bool isEnabled() const + { + return d_enabled; + } + + std::string toString() const + { + if (!isEnabled()) { + return ""; + } + + std::stringstream result; + if (d_action != DNSAction::Action::None) { + result << DNSAction::typeToString(d_action) << " "; + } + else { + result << "Apply the global DynBlock action "; + } + result << "for " << std::to_string(d_blockDuration) << " seconds when over " << std::to_string(d_rate) << " during the last " << d_seconds << " seconds, reason: '" << d_blockReason << "'"; + + return result.str(); + } + + std::string d_blockReason; + struct timespec d_cutOff; + struct timespec d_minTime; + unsigned int d_blockDuration{0}; + unsigned int d_rate{0}; + unsigned int d_warningRate{0}; + unsigned int d_seconds{0}; + DNSAction::Action d_action{DNSAction::Action::None}; + bool d_enabled{false}; + }; + + struct DynBlockRatioRule: DynBlockRule + { + DynBlockRatioRule(): DynBlockRule() + { + } + + DynBlockRatioRule(const std::string& blockReason, unsigned int blockDuration, double ratio, double warningRatio, unsigned int seconds, DNSAction::Action action, size_t minimumNumberOfResponses): DynBlockRule(blockReason, blockDuration, 0, 0, seconds, action), d_minimumNumberOfResponses(minimumNumberOfResponses), d_ratio(ratio), d_warningRatio(warningRatio) + { + } + + bool ratioExceeded(unsigned int total, unsigned int count) const + { + if (!d_enabled) { + return false; + } + + if (total < d_minimumNumberOfResponses) { + return false; + } + + double allowed = d_ratio * static_cast(total); + return (count > allowed); + } + + bool warningRatioExceeded(unsigned int total, unsigned int count) const + { + if (!d_enabled) { + return false; + } + + if (d_warningRatio == 0.0) { + return false; + } + + if (total < d_minimumNumberOfResponses) { + return false; + } + + double allowed = d_warningRatio * static_cast(total); + return (count > allowed); + } + + std::string toString() const + { + if (!isEnabled()) { + return ""; + } + + std::stringstream result; + if (d_action != DNSAction::Action::None) { + result << DNSAction::typeToString(d_action) << " "; + } + else { + result << "Apply the global DynBlock action "; + } + result << "for " << std::to_string(d_blockDuration) << " seconds when over " << std::to_string(d_ratio) << " ratio during the last " << d_seconds << " seconds, reason: '" << d_blockReason << "'"; + + return result.str(); + } + + size_t d_minimumNumberOfResponses{0}; + double d_ratio{0.0}; + double d_warningRatio{0.0}; + }; + + typedef std::unordered_map counts_t; + +public: + DynBlockRulesGroup() + { + } + + void setQueryRate(unsigned int rate, unsigned int warningRate, unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action) + { + d_queryRateRule = DynBlockRule(reason, blockDuration, rate, warningRate, seconds, action); + } + + /* rate is in bytes per second */ + void setResponseByteRate(unsigned int rate, unsigned int warningRate, unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action) + { + d_respRateRule = DynBlockRule(reason, blockDuration, rate, warningRate, seconds, action); + } + + void setRCodeRate(uint8_t rcode, unsigned int rate, unsigned int warningRate, unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action) + { + auto& entry = d_rcodeRules[rcode]; + entry = DynBlockRule(reason, blockDuration, rate, warningRate, seconds, action); + } + + void setRCodeRatio(uint8_t rcode, double ratio, double warningRatio, unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action, size_t minimumNumberOfResponses) + { + auto& entry = d_rcodeRatioRules[rcode]; + entry = DynBlockRatioRule(reason, blockDuration, ratio, warningRatio, seconds, action, minimumNumberOfResponses); + } + + void setQTypeRate(uint16_t qtype, unsigned int rate, unsigned int warningRate, unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action) + { + auto& entry = d_qtypeRules[qtype]; + entry = DynBlockRule(reason, blockDuration, rate, warningRate, seconds, action); + } + + typedef std::function>(const StatNode&, const StatNode::Stat&, const StatNode::Stat&)> smtVisitor_t; + + void setSuffixMatchRule(unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action, smtVisitor_t visitor) + { + d_suffixMatchRule = DynBlockRule(reason, blockDuration, 0, 0, seconds, action); + d_smtVisitor = visitor; + } + + void setSuffixMatchRuleFFI(unsigned int seconds, std::string reason, unsigned int blockDuration, DNSAction::Action action, dnsdist_ffi_stat_node_visitor_t visitor) + { + d_suffixMatchRule = DynBlockRule(reason, blockDuration, 0, 0, seconds, action); + d_smtVisitorFFI = visitor; + } + + void setMasks(uint8_t v4, uint8_t v6, uint8_t port) + { + d_v4Mask = v4; + d_v6Mask = v6; + d_portMask = port; + } + + void apply() + { + struct timespec now; + gettime(&now); + + apply(now); + } + + void apply(const struct timespec& now); + + void excludeRange(const Netmask& range) + { + d_excludedSubnets.addMask(range); + } + + void excludeRange(const NetmaskGroup& group) + { + d_excludedSubnets.addMasks(group, true); + } + + void includeRange(const Netmask& range) + { + d_excludedSubnets.addMask(range, false); + } + + void includeRange(const NetmaskGroup& group) + { + d_excludedSubnets.addMasks(group, false); + } + + void excludeDomain(const DNSName& domain) + { + d_excludedDomains.add(domain); + } + + std::string toString() const + { + std::stringstream result; + + result << "Query rate rule: " << d_queryRateRule.toString() << std::endl; + result << "Response rate rule: " << d_respRateRule.toString() << std::endl; + result << "SuffixMatch rule: " << d_suffixMatchRule.toString() << std::endl; + result << "RCode rules: " << std::endl; + for (const auto& rule : d_rcodeRules) { + result << "- " << RCode::to_s(rule.first) << ": " << rule.second.toString() << std::endl; + } + for (const auto& rule : d_rcodeRatioRules) { + result << "- " << RCode::to_s(rule.first) << ": " << rule.second.toString() << std::endl; + } + result << "QType rules: " << std::endl; + for (const auto& rule : d_qtypeRules) { + result << "- " << QType(rule.first).toString() << ": " << rule.second.toString() << std::endl; + } + result << "Excluded Subnets: " << d_excludedSubnets.toString() << std::endl; + result << "Excluded Domains: " << d_excludedDomains.toString() << std::endl; + + return result.str(); + } + + void setQuiet(bool quiet) + { + d_beQuiet = quiet; + } + +private: + + bool checkIfQueryTypeMatches(const Rings::Query& query); + bool checkIfResponseCodeMatches(const Rings::Response& response); + void addOrRefreshBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated, bool warning); + void addOrRefreshBlockSMT(SuffixMatchTree& blocks, const struct timespec& now, const DNSName& name, const DynBlockRule& rule, bool& updated); + + void addBlock(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + { + addOrRefreshBlock(blocks, now, requestor, rule, updated, false); + } + + void handleWarning(boost::optional >& blocks, const struct timespec& now, const AddressAndPortRange& requestor, const DynBlockRule& rule, bool& updated) + { + addOrRefreshBlock(blocks, now, requestor, rule, updated, true); + } + + bool hasQueryRules() const + { + return d_queryRateRule.isEnabled() || !d_qtypeRules.empty(); + } + + bool hasResponseRules() const + { + return d_respRateRule.isEnabled() || !d_rcodeRules.empty() || !d_rcodeRatioRules.empty(); + } + + bool hasSuffixMatchRules() const + { + return d_suffixMatchRule.isEnabled(); + } + + bool hasRules() const + { + return hasQueryRules() || hasResponseRules(); + } + + void processQueryRules(counts_t& counts, const struct timespec& now); + void processResponseRules(counts_t& counts, StatNode& root, const struct timespec& now); + + std::map d_rcodeRules; + std::map d_rcodeRatioRules; + std::map d_qtypeRules; + DynBlockRule d_queryRateRule; + DynBlockRule d_respRateRule; + DynBlockRule d_suffixMatchRule; + NetmaskGroup d_excludedSubnets; + SuffixMatchNode d_excludedDomains; + smtVisitor_t d_smtVisitor; + dnsdist_ffi_stat_node_visitor_t d_smtVisitorFFI; + uint8_t d_v6Mask{128}; + uint8_t d_v4Mask{32}; + uint8_t d_portMask{0}; + bool d_beQuiet{false}; +}; + +class DynBlockMaintenance +{ +public: + static void run(); + + /* return the (cached) number of hits per second for the top offenders, averaged over 60s */ + static std::map>> getHitsForTopNetmasks(); + static std::map>> getHitsForTopSuffixes(); + + /* get the the top offenders based on the current value of the counters */ + static std::map>> getTopNetmasks(size_t topN); + static std::map>> getTopSuffixes(size_t topN); + static void purgeExpired(const struct timespec& now); + + static time_t s_expiredDynBlocksPurgeInterval; + +private: + static void collectMetrics(); + static void generateMetrics(); + + struct MetricsSnapshot + { + std::map>> nmgData; + std::map>> smtData; + }; + + struct Tops + { + std::map>> topNMGsByReason; + std::map>> topSMTsByReason; + }; + + static LockGuarded s_tops; + /* s_metricsData should only be accessed by the dynamic blocks maintenance thread so it does not need a lock */ + // need N+1 datapoints to be able to do the diff after a collection point has been reached + static std::list s_metricsData; + static size_t s_topN; +}; diff --git a/dnsdist-dynbpf.cc b/dnsdist-dynbpf.cc new file mode 100644 index 0000000..ec549c3 --- /dev/null +++ b/dnsdist-dynbpf.cc @@ -0,0 +1,85 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist-dynbpf.hh" + +bool DynBPFFilter::block(const ComboAddress& addr, const struct timespec& until) +{ + bool inserted = false; + auto data = d_data.lock(); + + if (data->d_excludedSubnets.match(addr)) { + /* do not add a block for excluded subnets */ + return inserted; + } + + const container_t::iterator it = data->d_entries.find(addr); + if (it != data->d_entries.end()) { + if (it->d_until < until) { + data->d_entries.replace(it, BlockEntry(addr, until)); + } + } + else { + data->d_bpf->block(addr, BPFFilter::MatchAction::Drop); + data->d_entries.insert(BlockEntry(addr, until)); + inserted = true; + } + return inserted; +} + +void DynBPFFilter::purgeExpired(const struct timespec& now) +{ + auto data = d_data.lock(); + + typedef nth_index::type ordered_until; + ordered_until& ou = get<1>(data->d_entries); + + for (ordered_until::iterator it = ou.begin(); it != ou.end(); ) { + if (it->d_until < now) { + ComboAddress addr = it->d_addr; + it = ou.erase(it); + data->d_bpf->unblock(addr); + } + else { + break; + } + } +} + +std::vector > DynBPFFilter::getAddrStats() +{ + std::vector > result; + auto data = d_data.lock(); + + if (!data->d_bpf) { + return result; + } + + const auto& stats = data->d_bpf->getAddrStats(); + result.reserve(stats.size()); + for (const auto& stat : stats) { + const container_t::iterator it = data->d_entries.find(stat.first); + if (it != data->d_entries.end()) { + result.push_back(std::make_tuple(stat.first, stat.second, it->d_until)); + } + } + return result; +} diff --git a/dnsdist-dynbpf.hh b/dnsdist-dynbpf.hh new file mode 100644 index 0000000..afe7796 --- /dev/null +++ b/dnsdist-dynbpf.hh @@ -0,0 +1,75 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once +#include "config.h" + +#include "bpf-filter.hh" +#include "iputils.hh" + +#include +#include + +class DynBPFFilter +{ +public: + DynBPFFilter(std::shared_ptr& bpf) + { + d_data.lock()->d_bpf = bpf; + } + ~DynBPFFilter() + { + } + void excludeRange(const Netmask& range) + { + d_data.lock()->d_excludedSubnets.addMask(range); + } + void includeRange(const Netmask& range) + { + d_data.lock()->d_excludedSubnets.addMask(range, false); + } + /* returns true if the addr wasn't already blocked, false otherwise */ + bool block(const ComboAddress& addr, const struct timespec& until); + void purgeExpired(const struct timespec& now); + std::vector > getAddrStats(); +private: + struct BlockEntry + { + BlockEntry(const ComboAddress& addr, const struct timespec until): d_addr(addr), d_until(until) + { + } + ComboAddress d_addr; + struct timespec d_until; + }; + typedef multi_index_container, ComboAddress::addressOnlyLessThan >, + ordered_non_unique< member > + > + > container_t; + struct Data { + container_t d_entries; + std::shared_ptr d_bpf{nullptr}; + NetmaskGroup d_excludedSubnets; + }; + LockGuarded d_data; +}; + diff --git a/dnsdist-ecs.cc b/dnsdist-ecs.cc new file mode 100644 index 0000000..e4e3bd6 --- /dev/null +++ b/dnsdist-ecs.cc @@ -0,0 +1,1070 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dolog.hh" +#include "dnsdist.hh" +#include "dnsdist-ecs.hh" +#include "dnsparser.hh" +#include "dnswriter.hh" +#include "ednsoptions.hh" +#include "ednssubnet.hh" + +/* when we add EDNS to a query, we don't want to advertise + a large buffer size */ +size_t g_EdnsUDPPayloadSize = 512; +static const uint16_t defaultPayloadSizeSelfGenAnswers = 1232; +static_assert(defaultPayloadSizeSelfGenAnswers < s_udpIncomingBufferSize, "The UDP responder's payload size should be smaller or equal to our incoming buffer size"); +uint16_t g_PayloadSizeSelfGenAnswers{defaultPayloadSizeSelfGenAnswers}; + +/* draft-ietf-dnsop-edns-client-subnet-04 "11.1. Privacy" */ +uint16_t g_ECSSourcePrefixV4 = 24; +uint16_t g_ECSSourcePrefixV6 = 56; + +bool g_ECSOverride{false}; +bool g_addEDNSToSelfGeneratedResponses{true}; + +int rewriteResponseWithoutEDNS(const PacketBuffer& initialPacket, PacketBuffer& newContent) +{ + assert(initialPacket.size() >= sizeof(dnsheader)); + const struct dnsheader* dh = reinterpret_cast(initialPacket.data()); + + if (ntohs(dh->arcount) == 0) + return ENOENT; + + if (ntohs(dh->qdcount) == 0) + return ENOENT; + + PacketReader pr(pdns_string_view(reinterpret_cast(initialPacket.data()), initialPacket.size())); + + size_t idx = 0; + DNSName rrname; + uint16_t qdcount = ntohs(dh->qdcount); + uint16_t ancount = ntohs(dh->ancount); + uint16_t nscount = ntohs(dh->nscount); + uint16_t arcount = ntohs(dh->arcount); + uint16_t rrtype; + uint16_t rrclass; + string blob; + struct dnsrecordheader ah; + + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + + GenericDNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode); + pw.getHeader()->id=dh->id; + pw.getHeader()->qr=dh->qr; + pw.getHeader()->aa=dh->aa; + pw.getHeader()->tc=dh->tc; + pw.getHeader()->rd=dh->rd; + pw.getHeader()->ra=dh->ra; + pw.getHeader()->ad=dh->ad; + pw.getHeader()->cd=dh->cd; + pw.getHeader()->rcode=dh->rcode; + + /* consume remaining qd if any */ + if (qdcount > 1) { + for(idx = 1; idx < qdcount; idx++) { + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + (void) rrtype; + (void) rrclass; + } + } + + /* copy AN and NS */ + for (idx = 0; idx < ancount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ANSWER, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + + for (idx = 0; idx < nscount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::AUTHORITY, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + /* consume AR, looking for OPT */ + for (idx = 0; idx < arcount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + if (ah.d_type != QType::OPT) { + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ADDITIONAL, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } else { + + pr.skip(ah.d_clen); + } + } + pw.commit(); + + return 0; +} + +static bool addOrReplaceEDNSOption(std::vector>& options, uint16_t optionCode, bool& optionAdded, bool overrideExisting, const string& newOptionContent) +{ + for (auto it = options.begin(); it != options.end(); ) { + if (it->first == optionCode) { + optionAdded = false; + + if (!overrideExisting) { + return false; + } + + it = options.erase(it); + } + else { + ++it; + } + } + + options.emplace_back(optionCode, std::string(&newOptionContent.at(EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE), newOptionContent.size() - (EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE))); + return true; +} + +bool slowRewriteEDNSOptionInQueryWithRecords(const PacketBuffer& initialPacket, PacketBuffer& newContent, bool& ednsAdded, uint16_t optionToReplace, bool& optionAdded, bool overrideExisting, const string& newOptionContent) +{ + assert(initialPacket.size() >= sizeof(dnsheader)); + const struct dnsheader* dh = reinterpret_cast(initialPacket.data()); + + if (ntohs(dh->qdcount) == 0) { + return false; + } + + if (ntohs(dh->ancount) == 0 && ntohs(dh->nscount) == 0 && ntohs(dh->arcount) == 0) { + throw std::runtime_error(std::string(__PRETTY_FUNCTION__) + " should not be called for queries that have no records"); + } + + optionAdded = false; + ednsAdded = true; + + PacketReader pr(pdns_string_view(reinterpret_cast(initialPacket.data()), initialPacket.size())); + + size_t idx = 0; + DNSName rrname; + uint16_t qdcount = ntohs(dh->qdcount); + uint16_t ancount = ntohs(dh->ancount); + uint16_t nscount = ntohs(dh->nscount); + uint16_t arcount = ntohs(dh->arcount); + uint16_t rrtype; + uint16_t rrclass; + string blob; + struct dnsrecordheader ah; + + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + + GenericDNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode); + pw.getHeader()->id=dh->id; + pw.getHeader()->qr=dh->qr; + pw.getHeader()->aa=dh->aa; + pw.getHeader()->tc=dh->tc; + pw.getHeader()->rd=dh->rd; + pw.getHeader()->ra=dh->ra; + pw.getHeader()->ad=dh->ad; + pw.getHeader()->cd=dh->cd; + pw.getHeader()->rcode=dh->rcode; + + /* consume remaining qd if any */ + if (qdcount > 1) { + for(idx = 1; idx < qdcount; idx++) { + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + (void) rrtype; + (void) rrclass; + } + } + + /* copy AN and NS */ + for (idx = 0; idx < ancount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ANSWER, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + + for (idx = 0; idx < nscount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::AUTHORITY, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + + /* consume AR, looking for OPT */ + for (idx = 0; idx < arcount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + if (ah.d_type != QType::OPT) { + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ADDITIONAL, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } else { + + ednsAdded = false; + pr.xfrBlob(blob); + + std::vector> options; + getEDNSOptionsFromContent(blob, options); + + EDNS0Record edns0; + static_assert(sizeof(edns0) == sizeof(ah.d_ttl), "sizeof(EDNS0Record) must match sizeof(uint32_t) AKA RR TTL size"); + memcpy(&edns0, &ah.d_ttl, sizeof(edns0)); + + /* addOrReplaceEDNSOption will set it to false if there is already an existing option */ + optionAdded = true; + addOrReplaceEDNSOption(options, optionToReplace, optionAdded, overrideExisting, newOptionContent); + pw.addOpt(ah.d_class, edns0.extRCode, edns0.extFlags, options, edns0.version); + } + } + + if (ednsAdded) { + pw.addOpt(g_EdnsUDPPayloadSize, 0, 0, {{optionToReplace, std::string(&newOptionContent.at(EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE), newOptionContent.size() - (EDNS_OPTION_CODE_SIZE + EDNS_OPTION_LENGTH_SIZE))}}, 0); + optionAdded = true; + } + + pw.commit(); + + return true; +} + +static bool slowParseEDNSOptions(const PacketBuffer& packet, std::shared_ptr >& options) +{ + if (packet.size() < sizeof(dnsheader)) { + return false; + } + + const struct dnsheader* dh = reinterpret_cast(packet.data()); + + if (ntohs(dh->qdcount) == 0) { + return false; + } + + if (ntohs(dh->arcount) == 0) { + throw std::runtime_error("slowParseEDNSOptions() should not be called for queries that have no EDNS"); + } + + try { + uint64_t numrecords = ntohs(dh->ancount) + ntohs(dh->nscount) + ntohs(dh->arcount); + DNSPacketMangler dpm(const_cast(reinterpret_cast(&packet.at(0))), packet.size()); + uint64_t n; + for(n=0; n < ntohs(dh->qdcount) ; ++n) { + dpm.skipDomainName(); + /* type and class */ + dpm.skipBytes(4); + } + + for(n=0; n < numrecords; ++n) { + dpm.skipDomainName(); + + uint8_t section = n < ntohs(dh->ancount) ? 1 : (n < (ntohs(dh->ancount) + ntohs(dh->nscount)) ? 2 : 3); + uint16_t dnstype = dpm.get16BitInt(); + dpm.get16BitInt(); + dpm.skipBytes(4); /* TTL */ + + if(section == 3 && dnstype == QType::OPT) { + uint32_t offset = dpm.getOffset(); + if (offset >= packet.size()) { + return false; + } + /* if we survive this call, we can parse it safely */ + dpm.skipRData(); + return getEDNSOptions(reinterpret_cast(&packet.at(offset)), packet.size() - offset, *options) == 0; + } + else { + dpm.skipRData(); + } + } + } + catch(...) + { + return false; + } + + return true; +} + +int locateEDNSOptRR(const PacketBuffer& packet, uint16_t * optStart, size_t * optLen, bool * last) +{ + assert(optStart != NULL); + assert(optLen != NULL); + assert(last != NULL); + const struct dnsheader* dh = reinterpret_cast(packet.data()); + + if (ntohs(dh->arcount) == 0) + return ENOENT; + + PacketReader pr(pdns_string_view(reinterpret_cast(packet.data()), packet.size())); + + size_t idx = 0; + DNSName rrname; + uint16_t qdcount = ntohs(dh->qdcount); + uint16_t ancount = ntohs(dh->ancount); + uint16_t nscount = ntohs(dh->nscount); + uint16_t arcount = ntohs(dh->arcount); + uint16_t rrtype; + uint16_t rrclass; + struct dnsrecordheader ah; + + /* consume qd */ + for(idx = 0; idx < qdcount; idx++) { + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + (void) rrtype; + (void) rrclass; + } + + /* consume AN and NS */ + for (idx = 0; idx < ancount + nscount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + pr.skip(ah.d_clen); + } + + /* consume AR, looking for OPT */ + for (idx = 0; idx < arcount; idx++) { + uint16_t start = pr.getPosition(); + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + if (ah.d_type == QType::OPT) { + *optStart = start; + *optLen = (pr.getPosition() - start) + ah.d_clen; + + if (packet.size() < (*optStart + *optLen)) { + throw std::range_error("Opt record overflow"); + } + + if (idx == ((size_t) arcount - 1)) { + *last = true; + } + else { + *last = false; + } + return 0; + } + pr.skip(ah.d_clen); + } + + return ENOENT; +} + +/* extract the start of the OPT RR in a QUERY packet if any */ +int getEDNSOptionsStart(const PacketBuffer& packet, const size_t offset, uint16_t* optRDPosition, size_t* remaining) +{ + assert(optRDPosition != nullptr); + assert(remaining != nullptr); + const struct dnsheader* dh = reinterpret_cast(packet.data()); + + if (offset >= packet.size()) { + return ENOENT; + } + + if (ntohs(dh->qdcount) != 1 || ntohs(dh->ancount) != 0 || ntohs(dh->arcount) != 1 || ntohs(dh->nscount) != 0) + return ENOENT; + + size_t pos = sizeof(dnsheader) + offset; + pos += DNS_TYPE_SIZE + DNS_CLASS_SIZE; + + if (pos >= packet.size()) + return ENOENT; + + if ((pos + /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE) >= packet.size()) { + return ENOENT; + } + + if (packet[pos] != 0) { + /* not the root so not an OPT record */ + return ENOENT; + } + pos += 1; + + uint16_t qtype = packet.at(pos)*256 + packet.at(pos+1); + pos += DNS_TYPE_SIZE; + pos += DNS_CLASS_SIZE; + + if (qtype != QType::OPT || (packet.size() - pos) < (DNS_TTL_SIZE + DNS_RDLENGTH_SIZE)) { + return ENOENT; + } + + pos += DNS_TTL_SIZE; + *optRDPosition = pos; + *remaining = packet.size() - pos; + + return 0; +} + +void generateECSOption(const ComboAddress& source, string& res, uint16_t ECSPrefixLength) +{ + Netmask sourceNetmask(source, ECSPrefixLength); + EDNSSubnetOpts ecsOpts; + ecsOpts.source = sourceNetmask; + string payload = makeEDNSSubnetOptsString(ecsOpts); + generateEDNSOption(EDNSOptionCode::ECS, payload, res); +} + +bool generateOptRR(const std::string& optRData, PacketBuffer& res, size_t maximumSize, uint16_t udpPayloadSize, uint8_t ednsrcode, bool dnssecOK) +{ + const uint8_t name = 0; + dnsrecordheader dh; + EDNS0Record edns0; + edns0.extRCode = ednsrcode; + edns0.version = 0; + edns0.extFlags = dnssecOK ? htons(EDNS_HEADER_FLAG_DO) : 0; + + if ((maximumSize - res.size()) < (sizeof(name) + sizeof(dh) + optRData.length())) { + return false; + } + + dh.d_type = htons(QType::OPT); + dh.d_class = htons(udpPayloadSize); + static_assert(sizeof(EDNS0Record) == sizeof(dh.d_ttl), "sizeof(EDNS0Record) must match sizeof(dnsrecordheader.d_ttl)"); + memcpy(&dh.d_ttl, &edns0, sizeof edns0); + dh.d_clen = htons(static_cast(optRData.length())); + + res.reserve(res.size() + sizeof(name) + sizeof(dh) + optRData.length()); + res.insert(res.end(), reinterpret_cast(&name), reinterpret_cast(&name) + sizeof(name)); + res.insert(res.end(), reinterpret_cast(&dh), reinterpret_cast(&dh) + sizeof(dh)); + res.insert(res.end(), reinterpret_cast(optRData.data()), reinterpret_cast(optRData.data()) + optRData.length()); + + return true; +} + +static bool replaceEDNSClientSubnetOption(PacketBuffer& packet, size_t maximumSize, size_t const oldEcsOptionStartPosition, size_t const oldEcsOptionSize, size_t const optRDLenPosition, const string& newECSOption) +{ + assert(oldEcsOptionStartPosition < packet.size()); + assert(optRDLenPosition < packet.size()); + + if (newECSOption.size() == oldEcsOptionSize) { + /* same size as the existing option */ + memcpy(&packet.at(oldEcsOptionStartPosition), newECSOption.c_str(), oldEcsOptionSize); + } + else { + /* different size than the existing option */ + const unsigned int newPacketLen = packet.size() + (newECSOption.length() - oldEcsOptionSize); + const size_t beforeOptionLen = oldEcsOptionStartPosition; + const size_t dataBehindSize = packet.size() - beforeOptionLen - oldEcsOptionSize; + + /* check that it fits in the existing buffer */ + if (newPacketLen > packet.size()) { + if (newPacketLen > maximumSize) { + return false; + } + + packet.resize(newPacketLen); + } + + /* fix the size of ECS Option RDLen */ + uint16_t newRDLen = (packet.at(optRDLenPosition) * 256) + packet.at(optRDLenPosition + 1); + newRDLen += (newECSOption.size() - oldEcsOptionSize); + packet.at(optRDLenPosition) = newRDLen / 256; + packet.at(optRDLenPosition + 1) = newRDLen % 256; + + if (dataBehindSize > 0) { + memmove(&packet.at(oldEcsOptionStartPosition), &packet.at(oldEcsOptionStartPosition + oldEcsOptionSize), dataBehindSize); + } + memcpy(&packet.at(oldEcsOptionStartPosition + dataBehindSize), newECSOption.c_str(), newECSOption.size()); + packet.resize(newPacketLen); + } + + return true; +} + +/* This function looks for an OPT RR, return true if a valid one was found (even if there was no options) + and false otherwise. */ +bool parseEDNSOptions(const DNSQuestion& dq) +{ + const auto dh = dq.getHeader(); + if (dq.ednsOptions != nullptr) { + return true; + } + + dq.ednsOptions = std::make_shared >(); + + if (ntohs(dh->arcount) == 0) { + /* nothing in additional so no EDNS */ + return false; + } + + if (ntohs(dh->ancount) != 0 || ntohs(dh->nscount) != 0 || ntohs(dh->arcount) > 1) { + return slowParseEDNSOptions(dq.getData(), dq.ednsOptions); + } + + size_t remaining = 0; + uint16_t optRDPosition; + int res = getEDNSOptionsStart(dq.getData(), dq.qname->wirelength(), &optRDPosition, &remaining); + + if (res == 0) { + res = getEDNSOptions(reinterpret_cast(&dq.getData().at(optRDPosition)), remaining, *dq.ednsOptions); + return (res == 0); + } + + return false; +} + +static bool addECSToExistingOPT(PacketBuffer& packet, size_t maximumSize, const string& newECSOption, size_t optRDLenPosition, bool& ecsAdded) +{ + /* we need to add one EDNS0 ECS option, fixing the size of EDNS0 RDLENGTH */ + /* getEDNSOptionsStart has already checked that there is exactly one AR, + no NS and no AN */ + uint16_t oldRDLen = (packet.at(optRDLenPosition) * 256) + packet.at(optRDLenPosition + 1); + if (packet.size() != (optRDLenPosition + sizeof(uint16_t) + oldRDLen)) { + /* we are supposed to be the last record, do we have some trailing data to remove? */ + uint32_t realPacketLen = getDNSPacketLength(reinterpret_cast(packet.data()), packet.size()); + packet.resize(realPacketLen); + } + + if ((maximumSize - packet.size()) < newECSOption.size()) { + return false; + } + + uint16_t newRDLen = oldRDLen + newECSOption.size(); + packet.at(optRDLenPosition) = newRDLen / 256; + packet.at(optRDLenPosition + 1) = newRDLen % 256; + + packet.insert(packet.end(), newECSOption.begin(), newECSOption.end()); + ecsAdded = true; + + return true; +} + +static bool addEDNSWithECS(PacketBuffer& packet, size_t maximumSize, const string& newECSOption, bool& ednsAdded, bool& ecsAdded) +{ + if (!generateOptRR(newECSOption, packet, maximumSize, g_EdnsUDPPayloadSize, 0, false)) { + return false; + } + + struct dnsheader* dh = reinterpret_cast(packet.data()); + uint16_t arcount = ntohs(dh->arcount); + arcount++; + dh->arcount = htons(arcount); + ednsAdded = true; + ecsAdded = true; + + return true; +} + +bool handleEDNSClientSubnet(PacketBuffer& packet, const size_t maximumSize, const size_t qnameWireLength, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption) +{ + assert(qnameWireLength <= packet.size()); + + const struct dnsheader* dh = reinterpret_cast(packet.data()); + + if (ntohs(dh->ancount) != 0 || ntohs(dh->nscount) != 0 || (ntohs(dh->arcount) != 0 && ntohs(dh->arcount) != 1)) { + PacketBuffer newContent; + newContent.reserve(packet.size()); + + if (!slowRewriteEDNSOptionInQueryWithRecords(packet, newContent, ednsAdded, EDNSOptionCode::ECS, ecsAdded, overrideExisting, newECSOption)) { + return false; + } + + if (newContent.size() > maximumSize) { + ednsAdded = false; + ecsAdded = false; + return false; + } + + packet = std::move(newContent); + return true; + } + + uint16_t optRDPosition = 0; + size_t remaining = 0; + + int res = getEDNSOptionsStart(packet, qnameWireLength, &optRDPosition, &remaining); + + if (res != 0) { + /* no EDNS but there might be another record in additional (TSIG?) */ + /* Careful, this code assumes that ANCOUNT == 0 && NSCOUNT == 0 */ + size_t minimumPacketSize = sizeof(dnsheader) + qnameWireLength + sizeof(uint16_t) + sizeof(uint16_t); + if (packet.size() > minimumPacketSize) { + if (ntohs(dh->arcount) == 0) { + /* well now.. */ + packet.resize(minimumPacketSize); + } + else { + uint32_t realPacketLen = getDNSPacketLength(reinterpret_cast(packet.data()), packet.size()); + packet.resize(realPacketLen); + } + } + + return addEDNSWithECS(packet, maximumSize, newECSOption, ednsAdded, ecsAdded); + } + + size_t ecsOptionStartPosition = 0; + size_t ecsOptionSize = 0; + + res = getEDNSOption(reinterpret_cast(&packet.at(optRDPosition)), remaining, EDNSOptionCode::ECS, &ecsOptionStartPosition, &ecsOptionSize); + + if (res == 0) { + /* there is already an ECS value */ + if (!overrideExisting) { + return true; + } + + return replaceEDNSClientSubnetOption(packet, maximumSize, optRDPosition + ecsOptionStartPosition, ecsOptionSize, optRDPosition, newECSOption); + } else { + /* we have an EDNS OPT RR but no existing ECS option */ + return addECSToExistingOPT(packet, maximumSize, newECSOption, optRDPosition, ecsAdded); + } + + return true; +} + +bool handleEDNSClientSubnet(DNSQuestion& dq, bool& ednsAdded, bool& ecsAdded) +{ + assert(dq.remote != nullptr); + string newECSOption; + generateECSOption(dq.ecsSet ? dq.ecs.getNetwork() : *dq.remote, newECSOption, dq.ecsSet ? dq.ecs.getBits() : dq.ecsPrefixLength); + + return handleEDNSClientSubnet(dq.getMutableData(), dq.getMaximumSize(), dq.qname->wirelength(), ednsAdded, ecsAdded, dq.ecsOverride, newECSOption); +} + +static int removeEDNSOptionFromOptions(unsigned char* optionsStart, const uint16_t optionsLen, const uint16_t optionCodeToRemove, uint16_t* newOptionsLen) +{ + unsigned char* p = optionsStart; + size_t pos = 0; + while ((pos + 4) <= optionsLen) { + unsigned char* optionBegin = p; + const uint16_t optionCode = 0x100*p[0] + p[1]; + p += sizeof(optionCode); + pos += sizeof(optionCode); + const uint16_t optionLen = 0x100*p[0] + p[1]; + p += sizeof(optionLen); + pos += sizeof(optionLen); + if ((pos + optionLen) > optionsLen) { + return EINVAL; + } + if (optionCode == optionCodeToRemove) { + if (pos + optionLen < optionsLen) { + /* move remaining options over the removed one, + if any */ + memmove(optionBegin, p + optionLen, optionsLen - (pos + optionLen)); + } + *newOptionsLen = optionsLen - (sizeof(optionCode) + sizeof(optionLen) + optionLen); + return 0; + } + p += optionLen; + pos += optionLen; + } + return ENOENT; +} + +int removeEDNSOptionFromOPT(char* optStart, size_t* optLen, const uint16_t optionCodeToRemove) +{ + if (*optLen < optRecordMinimumSize) { + return EINVAL; + } + const unsigned char* end = (const unsigned char*) optStart + *optLen; + unsigned char* p = (unsigned char*) optStart + 9; + unsigned char* rdLenPtr = p; + uint16_t rdLen = (0x100*p[0] + p[1]); + p += sizeof(rdLen); + if (p + rdLen != end) { + return EINVAL; + } + uint16_t newRdLen = 0; + int res = removeEDNSOptionFromOptions(p, rdLen, optionCodeToRemove, &newRdLen); + if (res != 0) { + return res; + } + *optLen -= (rdLen - newRdLen); + rdLenPtr[0] = newRdLen / 0x100; + rdLenPtr[1] = newRdLen % 0x100; + return 0; +} + +bool isEDNSOptionInOpt(const PacketBuffer& packet, const size_t optStart, const size_t optLen, const uint16_t optionCodeToFind, size_t* optContentStart, uint16_t* optContentLen) +{ + if (optLen < optRecordMinimumSize) { + return false; + } + size_t p = optStart + 9; + uint16_t rdLen = (0x100*static_cast(packet.at(p)) + static_cast(packet.at(p+1))); + p += sizeof(rdLen); + if (rdLen > (optLen - optRecordMinimumSize)) { + return false; + } + + size_t rdEnd = p + rdLen; + while ((p + 4) <= rdEnd) { + const uint16_t optionCode = 0x100*static_cast(packet.at(p)) + static_cast(packet.at(p+1)); + p += sizeof(optionCode); + const uint16_t optionLen = 0x100*static_cast(packet.at(p)) + static_cast(packet.at(p+1)); + p += sizeof(optionLen); + + if ((p + optionLen) > rdEnd) { + return false; + } + + if (optionCode == optionCodeToFind) { + if (optContentStart != nullptr) { + *optContentStart = p; + } + + if (optContentLen != nullptr) { + *optContentLen = optionLen; + } + + return true; + } + p += optionLen; + } + return false; +} + +int rewriteResponseWithoutEDNSOption(const PacketBuffer& initialPacket, const uint16_t optionCodeToSkip, PacketBuffer& newContent) +{ + assert(initialPacket.size() >= sizeof(dnsheader)); + const struct dnsheader* dh = reinterpret_cast(initialPacket.data()); + + if (ntohs(dh->arcount) == 0) + return ENOENT; + + if (ntohs(dh->qdcount) == 0) + return ENOENT; + + PacketReader pr(pdns_string_view(reinterpret_cast(initialPacket.data()), initialPacket.size())); + + size_t idx = 0; + DNSName rrname; + uint16_t qdcount = ntohs(dh->qdcount); + uint16_t ancount = ntohs(dh->ancount); + uint16_t nscount = ntohs(dh->nscount); + uint16_t arcount = ntohs(dh->arcount); + uint16_t rrtype; + uint16_t rrclass; + string blob; + struct dnsrecordheader ah; + + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + + GenericDNSPacketWriter pw(newContent, rrname, rrtype, rrclass, dh->opcode); + pw.getHeader()->id=dh->id; + pw.getHeader()->qr=dh->qr; + pw.getHeader()->aa=dh->aa; + pw.getHeader()->tc=dh->tc; + pw.getHeader()->rd=dh->rd; + pw.getHeader()->ra=dh->ra; + pw.getHeader()->ad=dh->ad; + pw.getHeader()->cd=dh->cd; + pw.getHeader()->rcode=dh->rcode; + + /* consume remaining qd if any */ + if (qdcount > 1) { + for(idx = 1; idx < qdcount; idx++) { + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + (void) rrtype; + (void) rrclass; + } + } + + /* copy AN and NS */ + for (idx = 0; idx < ancount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ANSWER, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + + for (idx = 0; idx < nscount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::AUTHORITY, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } + + /* consume AR, looking for OPT */ + for (idx = 0; idx < arcount; idx++) { + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + if (ah.d_type != QType::OPT) { + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ADDITIONAL, true); + pr.xfrBlob(blob); + pw.xfrBlob(blob); + } else { + pw.startRecord(rrname, ah.d_type, ah.d_ttl, ah.d_class, DNSResourceRecord::ADDITIONAL, false); + pr.xfrBlob(blob); + uint16_t rdLen = blob.length(); + removeEDNSOptionFromOptions((unsigned char*)blob.c_str(), rdLen, optionCodeToSkip, &rdLen); + /* xfrBlob(string, size) completely ignores size.. */ + if (rdLen > 0) { + blob.resize((size_t)rdLen); + pw.xfrBlob(blob); + } else { + pw.commit(); + } + } + } + pw.commit(); + + return 0; +} + +bool addEDNS(PacketBuffer& packet, size_t maximumSize, bool dnssecOK, uint16_t payloadSize, uint8_t ednsrcode) +{ + if (!generateOptRR(std::string(), packet, maximumSize, payloadSize, ednsrcode, dnssecOK)) { + return false; + } + + auto dh = reinterpret_cast(packet.data()); + dh->arcount = htons(ntohs(dh->arcount) + 1); + + return true; +} + +/* + This function keeps the existing header and DNSSECOK bit (if any) but wipes anything else, + generating a NXD or NODATA answer with a SOA record in the additional section. +*/ +bool setNegativeAndAdditionalSOA(DNSQuestion& dq, bool nxd, const DNSName& zone, uint32_t ttl, const DNSName& mname, const DNSName& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum) +{ + auto& packet = dq.getMutableData(); + auto dh = dq.getHeader(); + if (ntohs(dh->qdcount) != 1) { + return false; + } + + size_t queryPartSize = sizeof(dnsheader) + dq.qname->wirelength() + DNS_TYPE_SIZE + DNS_CLASS_SIZE; + if (packet.size() < queryPartSize) { + /* something is already wrong, don't build on flawed foundations */ + return false; + } + + uint16_t qtype = htons(QType::SOA); + uint16_t qclass = htons(QClass::IN); + uint16_t rdLength = mname.wirelength() + rname.wirelength() + sizeof(serial) + sizeof(refresh) + sizeof(retry) + sizeof(expire) + sizeof(minimum); + size_t soaSize = zone.wirelength() + sizeof(qtype) + sizeof(qclass) + sizeof(ttl) + sizeof(rdLength) + rdLength; + bool hadEDNS = false; + bool dnssecOK = false; + + if (g_addEDNSToSelfGeneratedResponses) { + uint16_t payloadSize = 0; + uint16_t z = 0; + hadEDNS = getEDNSUDPPayloadSizeAndZ(reinterpret_cast(packet.data()), packet.size(), &payloadSize, &z); + if (hadEDNS) { + dnssecOK = z & EDNS_HEADER_FLAG_DO; + } + } + + /* chop off everything after the question */ + packet.resize(queryPartSize); + dh = dq.getHeader(); + if (nxd) { + dh->rcode = RCode::NXDomain; + } + else { + dh->rcode = RCode::NoError; + } + dh->qr = true; + dh->ancount = 0; + dh->nscount = 0; + dh->arcount = 0; + + rdLength = htons(rdLength); + ttl = htonl(ttl); + serial = htonl(serial); + refresh = htonl(refresh); + retry = htonl(retry); + expire = htonl(expire); + minimum = htonl(minimum); + + std::string soa; + soa.reserve(soaSize); + soa.append(zone.toDNSString()); + soa.append(reinterpret_cast(&qtype), sizeof(qtype)); + soa.append(reinterpret_cast(&qclass), sizeof(qclass)); + soa.append(reinterpret_cast(&ttl), sizeof(ttl)); + soa.append(reinterpret_cast(&rdLength), sizeof(rdLength)); + soa.append(mname.toDNSString()); + soa.append(rname.toDNSString()); + soa.append(reinterpret_cast(&serial), sizeof(serial)); + soa.append(reinterpret_cast(&refresh), sizeof(refresh)); + soa.append(reinterpret_cast(&retry), sizeof(retry)); + soa.append(reinterpret_cast(&expire), sizeof(expire)); + soa.append(reinterpret_cast(&minimum), sizeof(minimum)); + + if (soa.size() != soaSize) { + throw std::runtime_error("Unexpected SOA response size: " + std::to_string(soa.size()) + " vs " + std::to_string(soaSize)); + } + + packet.insert(packet.end(), soa.begin(), soa.end()); + dh = dq.getHeader(); + dh->arcount = htons(1); + + if (hadEDNS) { + /* now we need to add a new OPT record */ + return addEDNS(packet, dq.getMaximumSize(), dnssecOK, g_PayloadSizeSelfGenAnswers, dq.ednsRCode); + } + + return true; +} + +bool addEDNSToQueryTurnedResponse(DNSQuestion& dq) +{ + uint16_t optRDPosition; + /* remaining is at least the size of the rdlen + the options if any + the following records if any */ + size_t remaining = 0; + + auto& packet = dq.getMutableData(); + int res = getEDNSOptionsStart(packet, dq.qname->wirelength(), &optRDPosition, &remaining); + + if (res != 0) { + /* if the initial query did not have EDNS0, we are done */ + return true; + } + + const size_t existingOptLen = /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE + EDNS_EXTENDED_RCODE_SIZE + EDNS_VERSION_SIZE + /* Z */ 2 + remaining; + if (existingOptLen >= packet.size()) { + /* something is wrong, bail out */ + return false; + } + + uint8_t* optRDLen = &packet.at(optRDPosition); + uint8_t* optPtr = (optRDLen - (/* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE + EDNS_EXTENDED_RCODE_SIZE + EDNS_VERSION_SIZE + /* Z */ 2)); + + const uint8_t* zPtr = optPtr + /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE + EDNS_EXTENDED_RCODE_SIZE + EDNS_VERSION_SIZE; + uint16_t z = 0x100 * (*zPtr) + *(zPtr + 1); + bool dnssecOK = z & EDNS_HEADER_FLAG_DO; + + /* remove the existing OPT record, and everything else that follows (any SIG or TSIG would be useless anyway) */ + packet.resize(packet.size() - existingOptLen); + dq.getHeader()->arcount = 0; + + if (g_addEDNSToSelfGeneratedResponses) { + /* now we need to add a new OPT record */ + return addEDNS(packet, dq.getMaximumSize(), dnssecOK, g_PayloadSizeSelfGenAnswers, dq.ednsRCode); + } + + /* otherwise we are just fine */ + return true; +} + +// goal in life - if you send us a reasonably normal packet, we'll get Z for you, otherwise 0 +int getEDNSZ(const DNSQuestion& dq) +{ + try + { + const auto& dh = dq.getHeader(); + if (ntohs(dh->qdcount) != 1 || dh->ancount != 0 || ntohs(dh->arcount) != 1 || dh->nscount != 0) { + return 0; + } + + if (dq.getData().size() <= sizeof(dnsheader)) { + return 0; + } + + size_t pos = sizeof(dnsheader) + dq.qname->wirelength() + DNS_TYPE_SIZE + DNS_CLASS_SIZE; + + if (dq.getData().size() <= (pos + /* root */ 1 + DNS_TYPE_SIZE + DNS_CLASS_SIZE)) { + return 0; + } + + auto& packet = dq.getData(); + + if (packet.at(pos) != 0) { + /* not root, so not a valid OPT record */ + return 0; + } + + pos++; + + uint16_t qtype = packet.at(pos)*256 + packet.at(pos+1); + pos += DNS_TYPE_SIZE; + pos += DNS_CLASS_SIZE; + + if (qtype != QType::OPT || (pos + EDNS_EXTENDED_RCODE_SIZE + EDNS_VERSION_SIZE + 1) >= packet.size()) { + return 0; + } + + const uint8_t* z = &packet.at(pos + EDNS_EXTENDED_RCODE_SIZE + EDNS_VERSION_SIZE); + return 0x100 * (*z) + *(z+1); + } + catch(...) + { + return 0; + } +} + +bool queryHasEDNS(const DNSQuestion& dq) +{ + uint16_t optRDPosition; + size_t ecsRemaining = 0; + + int res = getEDNSOptionsStart(dq.getData(), dq.qname->wirelength(), &optRDPosition, &ecsRemaining); + if (res == 0) { + return true; + } + + return false; +} + +bool getEDNS0Record(const DNSQuestion& dq, EDNS0Record& edns0) +{ + uint16_t optStart; + size_t optLen = 0; + bool last = false; + const auto& packet = dq.getData(); + int res = locateEDNSOptRR(packet, &optStart, &optLen, &last); + if (res != 0) { + // no EDNS OPT RR + return false; + } + + if (optLen < optRecordMinimumSize) { + return false; + } + + if (optStart < packet.size() && packet.at(optStart) != 0) { + // OPT RR Name != '.' + return false; + } + + static_assert(sizeof(EDNS0Record) == sizeof(uint32_t), "sizeof(EDNS0Record) must match sizeof(uint32_t) AKA RR TTL size"); + // copy out 4-byte "ttl" (really the EDNS0 record), after root label (1) + type (2) + class (2). + memcpy(&edns0, &packet.at(optStart + 5), sizeof edns0); + return true; +} diff --git a/dnsdist-ecs.hh b/dnsdist-ecs.hh new file mode 100644 index 0000000..89e6237 --- /dev/null +++ b/dnsdist-ecs.hh @@ -0,0 +1,50 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +// root label (1), type (2), class (2), ttl (4) + rdlen (2) +static const size_t optRecordMinimumSize = 11; + +extern size_t g_EdnsUDPPayloadSize; +extern uint16_t g_PayloadSizeSelfGenAnswers; + +int rewriteResponseWithoutEDNS(const PacketBuffer& initialPacket, PacketBuffer& newContent); +bool slowRewriteEDNSOptionInQueryWithRecords(const PacketBuffer& initialPacket, PacketBuffer& newContent, bool& ednsAdded, uint16_t optionToReplace, bool& optionAdded, bool overrideExisting, const string& newOptionContent); +int locateEDNSOptRR(const PacketBuffer & packet, uint16_t * optStart, size_t * optLen, bool * last); +bool generateOptRR(const std::string& optRData, PacketBuffer& res, size_t maximumSize, uint16_t udpPayloadSize, uint8_t ednsrcode, bool dnssecOK); +void generateECSOption(const ComboAddress& source, string& res, uint16_t ECSPrefixLength); +int removeEDNSOptionFromOPT(char* optStart, size_t* optLen, const uint16_t optionCodeToRemove); +int rewriteResponseWithoutEDNSOption(const PacketBuffer& initialPacket, const uint16_t optionCodeToSkip, PacketBuffer& newContent); +int getEDNSOptionsStart(const PacketBuffer& packet, const size_t offset, uint16_t* optRDPosition, size_t * remaining); +bool isEDNSOptionInOpt(const PacketBuffer& packet, const size_t optStart, const size_t optLen, const uint16_t optionCodeToFind, size_t* optContentStart = nullptr, uint16_t* optContentLen = nullptr); +bool addEDNS(PacketBuffer& packet, size_t maximumSize, bool dnssecOK, uint16_t payloadSize, uint8_t ednsrcode); +bool addEDNSToQueryTurnedResponse(DNSQuestion& dq); +bool setNegativeAndAdditionalSOA(DNSQuestion& dq, bool nxd, const DNSName& zone, uint32_t ttl, const DNSName& mname, const DNSName& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum); + +bool handleEDNSClientSubnet(DNSQuestion& dq, bool& ednsAdded, bool& ecsAdded); +bool handleEDNSClientSubnet(PacketBuffer& packet, size_t maximumSize, size_t qnameWireLength, bool& ednsAdded, bool& ecsAdded, bool overrideExisting, const string& newECSOption); + +bool parseEDNSOptions(const DNSQuestion& dq); + +int getEDNSZ(const DNSQuestion& dq); +bool queryHasEDNS(const DNSQuestion& dq); +bool getEDNS0Record(const DNSQuestion& dq, EDNS0Record& edns0); diff --git a/dnsdist-healthchecks.cc b/dnsdist-healthchecks.cc new file mode 100644 index 0000000..50b9341 --- /dev/null +++ b/dnsdist-healthchecks.cc @@ -0,0 +1,545 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist-healthchecks.hh" +#include "tcpiohandler-mplexer.hh" +#include "dnswriter.hh" +#include "dolog.hh" +#include "dnsdist-tcp.hh" +#include "dnsdist-nghttp2.hh" +#include "dnsdist-session-cache.hh" + +bool g_verboseHealthChecks{false}; + +struct HealthCheckData +{ + enum class TCPState : uint8_t { WritingQuery, ReadingResponseSize, ReadingResponse }; + + HealthCheckData(FDMultiplexer& mplexer, const std::shared_ptr& ds, DNSName&& checkName, uint16_t checkType, uint16_t checkClass, uint16_t queryID): d_ds(ds), d_mplexer(mplexer), d_udpSocket(-1), d_checkName(std::move(checkName)), d_checkType(checkType), d_checkClass(checkClass), d_queryID(queryID) + { + } + + const std::shared_ptr d_ds; + FDMultiplexer& d_mplexer; + std::unique_ptr d_tcpHandler{nullptr}; + std::unique_ptr d_ioState{nullptr}; + PacketBuffer d_buffer; + Socket d_udpSocket; + DNSName d_checkName; + struct timeval d_ttd{0, 0}; + size_t d_bufferPos{0}; + uint16_t d_checkType; + uint16_t d_checkClass; + uint16_t d_queryID; + TCPState d_tcpState{TCPState::WritingQuery}; + bool d_initial{false}; +}; + +void updateHealthCheckResult(const std::shared_ptr& dss, bool initial, bool newState) +{ + if (initial) { + warnlog("Marking downstream %s as '%s'", dss->getNameWithAddr(), newState ? "up" : "down"); + dss->setUpStatus(newState); + return; + } + + if (newState) { + /* check succeeded */ + dss->currentCheckFailures = 0; + + if (!dss->upStatus) { + /* we were marked as down */ + dss->consecutiveSuccessfulChecks++; + if (dss->consecutiveSuccessfulChecks < dss->minRiseSuccesses) { + /* if we need more than one successful check to rise + and we didn't reach the threshold yet, + let's stay down */ + newState = false; + } + } + } + else { + /* check failed */ + dss->consecutiveSuccessfulChecks = 0; + + if (dss->upStatus) { + /* we are currently up */ + dss->currentCheckFailures++; + if (dss->currentCheckFailures < dss->maxCheckFailures) { + /* we need more than one failure to be marked as down, + and we did not reach the threshold yet, let's stay up */ + newState = true; + } + } + } + + if (newState != dss->upStatus) { + warnlog("Marking downstream %s as '%s'", dss->getNameWithAddr(), newState ? "up" : "down"); + + if (newState && !dss->isTCPOnly() && (!dss->connected || dss->reconnectOnUp)) { + newState = dss->reconnect(); + + if (dss->connected && !dss->threadStarted.test_and_set()) { + dss->tid = std::thread(responderThread, dss); + } + } + + dss->setUpStatus(newState); + dss->currentCheckFailures = 0; + dss->consecutiveSuccessfulChecks = 0; + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendBackendStatusChangeTrap(dss); + } + } +} + +static bool handleResponse(std::shared_ptr& data) +{ + auto& ds = data->d_ds; + try { + if (data->d_buffer.size() < sizeof(dnsheader)) { + if (g_verboseHealthChecks) { + infolog("Invalid health check response of size %d from backend %s, expecting at least %d", data->d_buffer.size(), ds->getNameWithAddr(), sizeof(dnsheader)); + } + return false; + } + + const dnsheader * responseHeader = reinterpret_cast(data->d_buffer.data()); + if (responseHeader->id != data->d_queryID) { + if (g_verboseHealthChecks) { + infolog("Invalid health check response id %d from backend %s, expecting %d", data->d_queryID, ds->getNameWithAddr(), data->d_queryID); + } + return false; + } + + if (!responseHeader->qr) { + if (g_verboseHealthChecks) { + infolog("Invalid health check response from backend %s, expecting QR to be set", ds->getNameWithAddr()); + } + return false; + } + + if (responseHeader->rcode == RCode::ServFail) { + if (g_verboseHealthChecks) { + infolog("Backend %s responded to health check with ServFail", ds->getNameWithAddr()); + } + return false; + } + + if (ds->mustResolve && (responseHeader->rcode == RCode::NXDomain || responseHeader->rcode == RCode::Refused)) { + if (g_verboseHealthChecks) { + infolog("Backend %s responded to health check with %s while mustResolve is set", ds->getNameWithAddr(), responseHeader->rcode == RCode::NXDomain ? "NXDomain" : "Refused"); + } + return false; + } + + uint16_t receivedType; + uint16_t receivedClass; + DNSName receivedName(reinterpret_cast(data->d_buffer.data()), data->d_buffer.size(), sizeof(dnsheader), false, &receivedType, &receivedClass); + + if (receivedName != data->d_checkName || receivedType != data->d_checkType || receivedClass != data->d_checkClass) { + if (g_verboseHealthChecks) { + infolog("Backend %s responded to health check with an invalid qname (%s vs %s), qtype (%s vs %s) or qclass (%d vs %d)", ds->getNameWithAddr(), receivedName.toLogString(), data->d_checkName.toLogString(), QType(receivedType).toString(), QType(data->d_checkType).toString(), receivedClass, data->d_checkClass); + } + return false; + } + } + catch(const std::exception& e) + { + if (g_verboseHealthChecks) { + infolog("Error checking the health of backend %s: %s", ds->getNameWithAddr(), e.what()); + } + return false; + } + catch(...) + { + if (g_verboseHealthChecks) { + infolog("Unknown exception while checking the health of backend %s", ds->getNameWithAddr()); + } + return false; + } + + return true; +} + +class HealthCheckQuerySender : public TCPQuerySender +{ +public: + HealthCheckQuerySender(std::shared_ptr& data): d_data(data) + { + } + + ~HealthCheckQuerySender() + { + } + + bool active() const override + { + return true; + } + + const ClientState* getClientState() const override + { + return nullptr; + } + + void handleResponse(const struct timeval& now, TCPResponse&& response) override + { + d_data->d_buffer = std::move(response.d_buffer); + updateHealthCheckResult(d_data->d_ds, d_data->d_initial, ::handleResponse(d_data)); + } + + void handleXFRResponse(const struct timeval& now, TCPResponse&& response) override + { + throw std::runtime_error("Unexpected XFR reponse to a health check query"); + } + + void notifyIOError(IDState&& query, const struct timeval& now) override + { + updateHealthCheckResult(d_data->d_ds, d_data->d_initial, false); + } + +private: + std::shared_ptr d_data; +}; + +static void healthCheckUDPCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto data = boost::any_cast>(param); + data->d_mplexer.removeReadFD(fd); + + ComboAddress from; + from.sin4.sin_family = data->d_ds->remote.sin4.sin_family; + auto fromlen = from.getSocklen(); + data->d_buffer.resize(512); + auto got = recvfrom(data->d_udpSocket.getHandle(), &data->d_buffer.at(0), data->d_buffer.size(), 0, reinterpret_cast(&from), &fromlen); + if (got < 0) { + if (g_verboseHealthChecks) { + infolog("Error receiving health check response from %s: %s", data->d_ds->remote.toStringWithPort(), stringerror()); + } + updateHealthCheckResult(data->d_ds, data->d_initial, false); + } + + /* we are using a connected socket but hey.. */ + if (from != data->d_ds->remote) { + if (g_verboseHealthChecks) { + infolog("Invalid health check response received from %s, expecting one from %s", from.toStringWithPort(), data->d_ds->remote.toStringWithPort()); + } + updateHealthCheckResult(data->d_ds, data->d_initial, false); + } + + updateHealthCheckResult(data->d_ds, data->d_initial, handleResponse(data)); +} + +static void healthCheckTCPCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto data = boost::any_cast>(param); + + IOStateGuard ioGuard(data->d_ioState); + try { + auto ioState = IOState::Done; + + if (data->d_tcpState == HealthCheckData::TCPState::WritingQuery) { + ioState = data->d_tcpHandler->tryWrite(data->d_buffer, data->d_bufferPos, data->d_buffer.size()); + if (ioState == IOState::Done) { + data->d_bufferPos = 0; + data->d_buffer.resize(sizeof(uint16_t)); + data->d_tcpState = HealthCheckData::TCPState::ReadingResponseSize; + } + } + + if (data->d_tcpState == HealthCheckData::TCPState::ReadingResponseSize) { + ioState = data->d_tcpHandler->tryRead(data->d_buffer, data->d_bufferPos, data->d_buffer.size()); + if (ioState == IOState::Done) { + data->d_bufferPos = 0; + uint16_t responseSize; + memcpy(&responseSize, &data->d_buffer.at(0), sizeof(responseSize)); + data->d_buffer.resize(ntohs(responseSize)); + data->d_tcpState = HealthCheckData::TCPState::ReadingResponse; + } + } + + if (data->d_tcpState == HealthCheckData::TCPState::ReadingResponse) { + ioState = data->d_tcpHandler->tryRead(data->d_buffer, data->d_bufferPos, data->d_buffer.size()); + if (ioState == IOState::Done) { + updateHealthCheckResult(data->d_ds, data->d_initial, handleResponse(data)); + } + } + + if (ioState == IOState::Done) { + /* remove us from the mplexer, we are done */ + data->d_ioState->update(ioState, healthCheckTCPCallback, data); + if (data->d_tcpHandler->isTLS()) { + try { + auto sessions = data->d_tcpHandler->getTLSSessions(); + if (!sessions.empty()) { + g_sessionCache.putSessions(data->d_ds->getID(), time(nullptr), std::move(sessions)); + } + } + catch (const std::exception& e) { + vinfolog("Unable to get a TLS session from the DoT healthcheck: %s", e.what()); + } + } + } + else { + data->d_ioState->update(ioState, healthCheckTCPCallback, data, data->d_ttd); + } + + /* the state has been updated, we can release the guard */ + ioGuard.release(); + } + catch (const std::exception& e) { + updateHealthCheckResult(data->d_ds, data->d_initial, false); + if (g_verboseHealthChecks) { + infolog("Error checking the health of backend %s: %s", data->d_ds->getNameWithAddr(), e.what()); + } + } + catch (...) { + updateHealthCheckResult(data->d_ds, data->d_initial, false); + if (g_verboseHealthChecks) { + infolog("Unknown exception while checking the health of backend %s", data->d_ds->getNameWithAddr()); + } + } +} + +bool queueHealthCheck(std::unique_ptr& mplexer, const std::shared_ptr& ds, bool initialCheck) +{ + try + { + uint16_t queryID = getRandomDNSID(); + DNSName checkName = ds->checkName; + uint16_t checkType = ds->checkType.getCode(); + uint16_t checkClass = ds->checkClass; + dnsheader checkHeader; + memset(&checkHeader, 0, sizeof(checkHeader)); + + checkHeader.qdcount = htons(1); + checkHeader.id = queryID; + + checkHeader.rd = true; + if (ds->setCD) { + checkHeader.cd = true; + } + + if (ds->checkFunction) { + auto lock = g_lua.lock(); + auto ret = ds->checkFunction(checkName, checkType, checkClass, &checkHeader); + checkName = std::get<0>(ret); + checkType = std::get<1>(ret); + checkClass = std::get<2>(ret); + } + + PacketBuffer packet; + GenericDNSPacketWriter dpw(packet, checkName, checkType, checkClass); + dnsheader* requestHeader = dpw.getHeader(); + *requestHeader = checkHeader; + + /* we need to compute that _before_ adding the proxy protocol payload */ + uint16_t packetSize = packet.size(); + std::string proxyProtocolPayload; + size_t proxyProtocolPayloadSize = 0; + if (ds->useProxyProtocol) { + proxyProtocolPayload = makeLocalProxyHeader(); + proxyProtocolPayloadSize = proxyProtocolPayload.size(); + if (!ds->isDoH()) { + packet.insert(packet.begin(), proxyProtocolPayload.begin(), proxyProtocolPayload.end()); + } + } + + Socket sock(ds->remote.sin4.sin_family, ds->doHealthcheckOverTCP() ? SOCK_STREAM : SOCK_DGRAM); + + sock.setNonBlocking(); + if (!IsAnyAddress(ds->sourceAddr)) { + sock.setReuseAddr(); +#ifdef IP_BIND_ADDRESS_NO_PORT + if (ds->ipBindAddrNoPort) { + SSetsockopt(sock.getHandle(), SOL_IP, IP_BIND_ADDRESS_NO_PORT, 1); + } +#endif + + if (!ds->sourceItfName.empty()) { +#ifdef SO_BINDTODEVICE + int res = setsockopt(sock.getHandle(), SOL_SOCKET, SO_BINDTODEVICE, ds->sourceItfName.c_str(), ds->sourceItfName.length()); + if (res != 0 && g_verboseHealthChecks) { + infolog("Error setting SO_BINDTODEVICE on the health check socket for backend '%s': %s", ds->getNameWithAddr(), stringerror()); + } +#endif + } + sock.bind(ds->sourceAddr); + } + + auto data = std::make_shared(*mplexer, ds, std::move(checkName), checkType, checkClass, queryID); + data->d_initial = initialCheck; + + gettimeofday(&data->d_ttd, nullptr); + data->d_ttd.tv_sec += ds->checkTimeout / 1000; /* ms to seconds */ + data->d_ttd.tv_usec += (ds->checkTimeout % 1000) * 1000; /* remaining ms to us */ + if (data->d_ttd.tv_usec > 1000000) { + ++data->d_ttd.tv_sec; + data->d_ttd.tv_usec -= 1000000; + } + + if (!ds->doHealthcheckOverTCP()) { + sock.connect(ds->remote); + data->d_udpSocket = std::move(sock); + ssize_t sent = udpClientSendRequestToBackend(ds, data->d_udpSocket.getHandle(), packet, true); + if (sent < 0) { + int ret = errno; + if (g_verboseHealthChecks) { + infolog("Error while sending a health check query to backend %s: %d", ds->getNameWithAddr(), ret); + } + return false; + } + + mplexer->addReadFD(data->d_udpSocket.getHandle(), &healthCheckUDPCallback, data, &data->d_ttd); + } + else if (ds->isDoH()) { + InternalQuery query(std::move(packet), IDState()); + query.d_proxyProtocolPayload = std::move(proxyProtocolPayload); + auto sender = std::shared_ptr(new HealthCheckQuerySender(data)); + if (!sendH2Query(ds, mplexer, sender, std::move(query), true)) { + updateHealthCheckResult(data->d_ds, data->d_initial, false); + } + } + else { + time_t now = time(nullptr); + data->d_tcpHandler = std::make_unique(ds->d_tlsSubjectName, sock.releaseHandle(), timeval{ds->checkTimeout,0}, ds->d_tlsCtx, now); + data->d_ioState = std::make_unique(*mplexer, data->d_tcpHandler->getDescriptor()); + if (ds->d_tlsCtx) { + try { + auto tlsSession = g_sessionCache.getSession(ds->getID(), now); + if (tlsSession) { + data->d_tcpHandler->setTLSSession(tlsSession); + } + } + catch (const std::exception& e) { + vinfolog("Unable to restore a TLS session for the DoT healthcheck: %s", e.what()); + } + } + data->d_tcpHandler->tryConnect(ds->tcpFastOpen, ds->remote); + + const uint8_t sizeBytes[] = { static_cast(packetSize / 256), static_cast(packetSize % 256) }; + packet.insert(packet.begin() + proxyProtocolPayloadSize, sizeBytes, sizeBytes + 2); + data->d_buffer = std::move(packet); + + auto ioState = data->d_tcpHandler->tryWrite(data->d_buffer, data->d_bufferPos, data->d_buffer.size()); + if (ioState == IOState::Done) { + data->d_bufferPos = 0; + data->d_buffer.resize(sizeof(uint16_t)); + data->d_tcpState = HealthCheckData::TCPState::ReadingResponseSize; + ioState = IOState::NeedRead; + } + + data->d_ioState->update(ioState, healthCheckTCPCallback, data, data->d_ttd); + } + + return true; + } + catch (const std::exception& e) + { + if (g_verboseHealthChecks) { + infolog("Error checking the health of backend %s: %s", ds->getNameWithAddr(), e.what()); + } + return false; + } + catch (...) + { + if (g_verboseHealthChecks) { + infolog("Unknown exception while checking the health of backend %s", ds->getNameWithAddr()); + } + return false; + } +} + +void handleQueuedHealthChecks(FDMultiplexer& mplexer, bool initial) +{ + while (mplexer.getWatchedFDCount(false) > 0 || mplexer.getWatchedFDCount(true) > 0) { + struct timeval now; + int ret = mplexer.run(&now, 100); + if (ret == -1) { + if (g_verboseHealthChecks) { + infolog("Error while waiting for the health check response from backends: %d", ret); + } + break; + } + + handleH2Timeouts(mplexer, now); + + auto timeouts = mplexer.getTimeouts(now); + for (const auto& timeout : timeouts) { + if (timeout.second.type() != typeid(std::shared_ptr)) { + continue; + } + + auto data = boost::any_cast>(timeout.second); + try { + if (data->d_ioState) { + data->d_ioState.reset(); + } + else { + mplexer.removeReadFD(timeout.first); + } + if (g_verboseHealthChecks) { + infolog("Timeout while waiting for the health check response from backend %s", data->d_ds->getNameWithAddr()); + } + + updateHealthCheckResult(data->d_ds, initial, false); + } + catch (const std::exception& e) { + if (g_verboseHealthChecks) { + infolog("Error while dealing with a timeout for the health check response from backend %s: %s", data->d_ds->getNameWithAddr(), e.what()); + } + } + catch (...) { + if (g_verboseHealthChecks) { + infolog("Error while dealing with a timeout for the health check response from backend %s", data->d_ds->getNameWithAddr()); + } + } + } + + timeouts = mplexer.getTimeouts(now, true); + for (const auto& timeout : timeouts) { + if (timeout.second.type() != typeid(std::shared_ptr)) { + continue; + } + auto data = boost::any_cast>(timeout.second); + try { + data->d_ioState.reset(); + if (g_verboseHealthChecks) { + infolog("Timeout while waiting for the health check response from backend %s", data->d_ds->getNameWithAddr()); + } + + updateHealthCheckResult(data->d_ds, initial, false); + } + catch (const std::exception& e) { + if (g_verboseHealthChecks) { + infolog("Error while dealing with a timeout for the health check response from backend %s: %s", data->d_ds->getNameWithAddr(), e.what()); + } + } + catch (...) { + if (g_verboseHealthChecks) { + infolog("Error while dealing with a timeout for the health check response from backend %s", data->d_ds->getNameWithAddr()); + } + } + } + } +} diff --git a/dnsdist-healthchecks.hh b/dnsdist-healthchecks.hh new file mode 100644 index 0000000..04af75b --- /dev/null +++ b/dnsdist-healthchecks.hh @@ -0,0 +1,33 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "dnsdist.hh" +#include "mplexer.hh" +#include "sstuff.hh" + +extern bool g_verboseHealthChecks; + +void updateHealthCheckResult(const std::shared_ptr& dss, bool initial, bool newState); +bool queueHealthCheck(std::unique_ptr& mplexer, const std::shared_ptr& ds, bool initial=false); +void handleQueuedHealthChecks(FDMultiplexer& mplexer, bool initial=false); + diff --git a/dnsdist-idstate.cc b/dnsdist-idstate.cc new file mode 100644 index 0000000..286808c --- /dev/null +++ b/dnsdist-idstate.cc @@ -0,0 +1,75 @@ + +#include "dnsdist.hh" + +DNSResponse makeDNSResponseFromIDState(IDState& ids, PacketBuffer& data) +{ + DNSResponse dr(&ids.qname, ids.qtype, ids.qclass, &ids.origDest, &ids.origRemote, data, ids.protocol, &ids.sentTime.d_start); + dr.origFlags = ids.origFlags; + dr.cacheFlags = ids.cacheFlags; + dr.ecsAdded = ids.ecsAdded; + dr.ednsAdded = ids.ednsAdded; + dr.useZeroScope = ids.useZeroScope; + dr.packetCache = std::move(ids.packetCache); + dr.delayMsec = ids.delayMsec; + dr.skipCache = ids.skipCache; + dr.cacheKey = ids.cacheKey; + dr.cacheKeyNoECS = ids.cacheKeyNoECS; + dr.cacheKeyUDP = ids.cacheKeyUDP; + dr.dnssecOK = ids.dnssecOK; + dr.tempFailureTTL = ids.tempFailureTTL; + dr.qTag = std::move(ids.qTag); + dr.subnet = std::move(ids.subnet); + dr.uniqueId = std::move(ids.uniqueId); + + if (ids.dnsCryptQuery) { + dr.dnsCryptQuery = std::move(ids.dnsCryptQuery); + } + + dr.hopRemote = &ids.hopRemote; + dr.hopLocal = &ids.hopLocal; + + return dr; +} + +void setIDStateFromDNSQuestion(IDState& ids, DNSQuestion& dq, DNSName&& qname) +{ + ids.origRemote = *dq.remote; + ids.origDest = *dq.local; + ids.sentTime.set(*dq.queryTime); + ids.qname = std::move(qname); + ids.qtype = dq.qtype; + ids.qclass = dq.qclass; + ids.protocol = dq.protocol; + ids.delayMsec = dq.delayMsec; + ids.tempFailureTTL = dq.tempFailureTTL; + ids.origFlags = dq.origFlags; + ids.cacheFlags = dq.cacheFlags; + ids.cacheKey = dq.cacheKey; + ids.cacheKeyNoECS = dq.cacheKeyNoECS; + ids.cacheKeyUDP = dq.cacheKeyUDP; + ids.subnet = dq.subnet; + ids.skipCache = dq.skipCache; + ids.packetCache = dq.packetCache; + ids.ednsAdded = dq.ednsAdded; + ids.ecsAdded = dq.ecsAdded; + ids.useZeroScope = dq.useZeroScope; + ids.qTag = std::move(dq.qTag); + ids.dnssecOK = dq.dnssecOK; + ids.uniqueId = std::move(dq.uniqueId); + + if (dq.hopRemote) { + ids.hopRemote = *dq.hopRemote; + } + else { + ids.hopRemote.sin4.sin_family = 0; + } + + if (dq.hopLocal) { + ids.hopLocal = *dq.hopLocal; + } + else { + ids.hopLocal.sin4.sin_family = 0; + } + + ids.dnsCryptQuery = std::move(dq.dnsCryptQuery); +} diff --git a/dnsdist-idstate.hh b/dnsdist-idstate.hh new file mode 100644 index 0000000..fd0b6a6 --- /dev/null +++ b/dnsdist-idstate.hh @@ -0,0 +1,272 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "config.h" +#include "dnsname.hh" +#include "dnsdist-protocols.hh" +#include "gettime.hh" +#include "iputils.hh" +#include "uuid-utils.hh" + +struct ClientState; +struct DOHUnit; +class DNSCryptQuery; +class DNSDistPacketCache; + +using QTag = std::unordered_map; + +struct StopWatch +{ + StopWatch(bool realTime = false) : + d_needRealTime(realTime) + { + } + + void start() + { + d_start = getCurrentTime(); + } + + void set(const struct timespec& from) + { + d_start = from; + } + + double udiff() const + { + struct timespec now = getCurrentTime(); + return 1000000.0 * (now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec) / 1000.0; + } + + double udiffAndSet() + { + struct timespec now = getCurrentTime(); + auto ret = 1000000.0 * (now.tv_sec - d_start.tv_sec) + (now.tv_nsec - d_start.tv_nsec) / 1000.0; + d_start = now; + return ret; + } + + struct timespec getCurrentTime() const + { + struct timespec now; + if (gettime(&now, d_needRealTime) < 0) { + unixDie("Getting timestamp"); + } + return now; + } + + struct timespec d_start + { + 0, 0 + }; + +private: + bool d_needRealTime; +}; + +/* g++ defines __SANITIZE_THREAD__ + clang++ supports the nice __has_feature(thread_sanitizer), + let's merge them */ +#if defined(__has_feature) +#if __has_feature(thread_sanitizer) +#define __SANITIZE_THREAD__ 1 +#endif +#endif + +struct IDState +{ + IDState() : + sentTime(true), tempFailureTTL(boost::none) { origDest.sin4.sin_family = 0; } + IDState(const IDState& orig) = delete; + IDState(IDState&& rhs) : + subnet(rhs.subnet), origRemote(rhs.origRemote), origDest(rhs.origDest), hopRemote(rhs.hopRemote), hopLocal(rhs.hopLocal), qname(std::move(rhs.qname)), sentTime(rhs.sentTime), packetCache(std::move(rhs.packetCache)), dnsCryptQuery(std::move(rhs.dnsCryptQuery)), qTag(std::move(rhs.qTag)), tempFailureTTL(rhs.tempFailureTTL), cs(rhs.cs), du(std::move(rhs.du)), cacheKey(rhs.cacheKey), cacheKeyNoECS(rhs.cacheKeyNoECS), cacheKeyUDP(rhs.cacheKeyUDP), origFD(rhs.origFD), delayMsec(rhs.delayMsec), qtype(rhs.qtype), qclass(rhs.qclass), origID(rhs.origID), origFlags(rhs.origFlags), cacheFlags(rhs.cacheFlags), protocol(rhs.protocol), ednsAdded(rhs.ednsAdded), ecsAdded(rhs.ecsAdded), skipCache(rhs.skipCache), destHarvested(rhs.destHarvested), dnssecOK(rhs.dnssecOK), useZeroScope(rhs.useZeroScope) + { + if (rhs.isInUse()) { + throw std::runtime_error("Trying to move an in-use IDState"); + } + + uniqueId = std::move(rhs.uniqueId); +#ifdef __SANITIZE_THREAD__ + age.store(rhs.age.load()); +#else + age = rhs.age; +#endif + } + + IDState& operator=(IDState&& rhs) + { + if (isInUse()) { + throw std::runtime_error("Trying to overwrite an in-use IDState"); + } + + if (rhs.isInUse()) { + throw std::runtime_error("Trying to move an in-use IDState"); + } + + subnet = std::move(rhs.subnet); + origRemote = rhs.origRemote; + origDest = rhs.origDest; + hopRemote = rhs.hopRemote; + hopLocal = rhs.hopLocal; + qname = std::move(rhs.qname); + sentTime = rhs.sentTime; + dnsCryptQuery = std::move(rhs.dnsCryptQuery); + packetCache = std::move(rhs.packetCache); + qTag = std::move(rhs.qTag); + tempFailureTTL = std::move(rhs.tempFailureTTL); + cs = rhs.cs; + du = std::move(rhs.du); + cacheKey = rhs.cacheKey; + cacheKeyNoECS = rhs.cacheKeyNoECS; + cacheKeyUDP = rhs.cacheKeyUDP; + origFD = rhs.origFD; + delayMsec = rhs.delayMsec; +#ifdef __SANITIZE_THREAD__ + age.store(rhs.age.load()); +#else + age = rhs.age; +#endif + qtype = rhs.qtype; + qclass = rhs.qclass; + origID = rhs.origID; + origFlags = rhs.origFlags; + cacheFlags = rhs.cacheFlags; + protocol = rhs.protocol; + uniqueId = std::move(rhs.uniqueId); + ednsAdded = rhs.ednsAdded; + ecsAdded = rhs.ecsAdded; + skipCache = rhs.skipCache; + destHarvested = rhs.destHarvested; + dnssecOK = rhs.dnssecOK; + useZeroScope = rhs.useZeroScope; + + return *this; + } + + static const int64_t unusedIndicator = -1; + + static bool isInUse(int64_t usageIndicator) + { + return usageIndicator != unusedIndicator; + } + + bool isInUse() const + { + return usageIndicator != unusedIndicator; + } + + /* return true if the value has been successfully replaced meaning that + no-one updated the usage indicator in the meantime */ + bool tryMarkUnused(int64_t expectedUsageIndicator) + { + return usageIndicator.compare_exchange_strong(expectedUsageIndicator, unusedIndicator); + } + + /* mark as used no matter what, return true if the state was in use before */ + bool markAsUsed() + { + auto currentGeneration = generation++; + return markAsUsed(currentGeneration); + } + + /* mark as used no matter what, return true if the state was in use before */ + bool markAsUsed(int64_t currentGeneration) + { + int64_t oldUsage = usageIndicator.exchange(currentGeneration); + return oldUsage != unusedIndicator; + } + + /* We use this value to detect whether this state is in use. + For performance reasons we don't want to use a lock here, but that means + we need to be very careful when modifying this value. Modifications happen + from: + - one of the UDP or DoH 'client' threads receiving a query, selecting a backend + then picking one of the states associated to this backend (via the idOffset). + Most of the time this state should not be in use and usageIndicator is -1, but we + might not yet have received a response for the query previously associated to this + state, meaning that we will 'reuse' this state and erase the existing state. + If we ever receive a response for this state, it will be discarded. This is + mostly fine for UDP except that we still need to be careful in order to miss + the 'outstanding' counters, which should only be increased when we are picking + an empty state, and not when reusing ; + For DoH, though, we have dynamically allocated a DOHUnit object that needs to + be freed, as well as internal objects internals to libh2o. + - one of the UDP receiver threads receiving a response from a backend, picking + the corresponding state and sending the response to the client ; + - the 'healthcheck' thread scanning the states to actively discover timeouts, + mostly to keep some counters like the 'outstanding' one sane. + We previously based that logic on the origFD (FD on which the query was received, + and therefore from where the response should be sent) but this suffered from an + ABA problem since it was quite likely that a UDP 'client thread' would reset it to the + same value since we only have so much incoming sockets: + - 1/ 'client' thread gets a query and set origFD to its FD, say 5 ; + - 2/ 'receiver' thread gets a response, read the value of origFD to 5, check that the qname, + qtype and qclass match + - 3/ during that time the 'client' thread reuses the state, setting again origFD to 5 ; + - 4/ the 'receiver' thread uses compare_exchange_strong() to only replace the value if it's still + 5, except it's not the same 5 anymore and it overrides a fresh state. + We now use a 32-bit unsigned counter instead, which is incremented every time the state is set, + wrapping around if necessary, and we set an atomic signed 64-bit value, so that we still have -1 + when the state is unused and the value of our counter otherwise. + */ + boost::optional subnet{boost::none}; // 40 + ComboAddress origRemote; // 28 + ComboAddress origDest; // 28 + ComboAddress hopRemote; + ComboAddress hopLocal; + DNSName qname; // 24 + StopWatch sentTime; // 16 + std::shared_ptr packetCache{nullptr}; // 16 + std::unique_ptr dnsCryptQuery{nullptr}; // 8 + std::unique_ptr qTag{nullptr}; // 8 + boost::optional tempFailureTTL; // 8 + const ClientState* cs{nullptr}; // 8 + DOHUnit* du{nullptr}; // 8 (not a unique_ptr because we currently need to be able to peek at it without taking ownership until later) + std::atomic usageIndicator{unusedIndicator}; // set to unusedIndicator to indicate this state is empty // 8 + std::atomic generation{0}; // increased every time a state is used, to be able to detect an ABA issue // 4 + uint32_t cacheKey{0}; // 4 + uint32_t cacheKeyNoECS{0}; // 4 + // DoH-only */ + uint32_t cacheKeyUDP{0}; // 4 + int origFD{-1}; // 4 + int delayMsec{0}; +#ifdef __SANITIZE_THREAD__ + std::atomic age{0}; +#else + uint16_t age{0}; // 2 +#endif + uint16_t qtype{0}; // 2 + uint16_t qclass{0}; // 2 + // origID is in network-byte order + uint16_t origID{0}; // 2 + uint16_t origFlags{0}; // 2 + uint16_t cacheFlags{0}; // DNS flags as sent to the backend // 2 + dnsdist::Protocol protocol; // 1 + boost::optional uniqueId{boost::none}; // 17 (placed here to reduce the space lost to padding) + bool ednsAdded{false}; + bool ecsAdded{false}; + bool skipCache{false}; + bool destHarvested{false}; // if true, origDest holds the original dest addr, otherwise the listening addr + bool dnssecOK{false}; + bool useZeroScope{false}; +}; diff --git a/dnsdist-kvs.cc b/dnsdist-kvs.cc new file mode 100644 index 0000000..c2b6272 --- /dev/null +++ b/dnsdist-kvs.cc @@ -0,0 +1,285 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist-kvs.hh" +#include "dolog.hh" + +#include + +std::vector KeyValueLookupKeySourceIP::getKeys(const ComboAddress& addr) +{ + std::vector result; + ComboAddress truncated(addr); + + std::string key; + if (truncated.isIPv4()) { + truncated.truncate(d_v4Mask); + key.reserve(sizeof(truncated.sin4.sin_addr.s_addr) + (d_includePort ? sizeof(truncated.sin4.sin_port) : 0)); + key.append(reinterpret_cast(&truncated.sin4.sin_addr.s_addr), sizeof(truncated.sin4.sin_addr.s_addr)); + } + else if (truncated.isIPv6()) { + truncated.truncate(d_v6Mask); + key.reserve(sizeof(truncated.sin6.sin6_addr.s6_addr) + (d_includePort ? sizeof(truncated.sin4.sin_port) : 0)); + key.append(reinterpret_cast(&truncated.sin6.sin6_addr.s6_addr), sizeof(truncated.sin6.sin6_addr.s6_addr)); + } + + if (d_includePort) { + key.append(reinterpret_cast(&truncated.sin4.sin_port), sizeof(truncated.sin4.sin_port)); + } + + result.push_back(std::move(key)); + + return result; +} + +std::vector KeyValueLookupKeySuffix::getKeys(const DNSName& qname) +{ + if (qname.empty() || qname.isRoot()) { + return {}; + } + + auto lowerQName = qname.makeLowerCase(); + size_t labelsCount = lowerQName.countLabels(); + if (d_minLabels != 0) { + if (labelsCount < d_minLabels) { + return {}; + } + labelsCount -= (d_minLabels - 1); + } + + std::vector result; + result.reserve(labelsCount); + + while(!lowerQName.isRoot()) { + result.emplace_back(d_wireFormat ? lowerQName.toDNSString() : lowerQName.toStringRootDot()); + labelsCount--; + if (!lowerQName.chopOff() || labelsCount == 0) { + break; + } + } + + return result; +} + +#ifdef HAVE_LMDB + +bool LMDBKVStore::getValue(const std::string& key, std::string& value) +{ + try { + auto transaction = d_env.getROTransaction(); + MDBOutVal result; + int rc = transaction->get(d_dbi, MDBInVal(key), result); + if (rc == 0) { + value = result.get(); + return true; + } + else if (rc == MDB_NOTFOUND) { + return false; + } + } + catch(const std::exception& e) { + warnlog("Error while looking up key '%s' from LMDB file '%s', database '%s': %s", key, d_fname, d_dbName, e.what()); + } + return false; +} + +bool LMDBKVStore::keyExists(const std::string& key) +{ + try { + auto transaction = d_env.getROTransaction(); + MDBOutVal result; + int rc = transaction->get(d_dbi, MDBInVal(key), result); + if (rc == 0) { + return true; + } + else if (rc == MDB_NOTFOUND) { + return false; + } + } + catch(const std::exception& e) { + warnlog("Error while looking up key '%s' from LMDB file '%s', database '%s': %s", key, d_fname, d_dbName, e.what()); + } + return false; +} + +bool LMDBKVStore::getRangeValue(const std::string& key, std::string& value) +{ + try { + auto transaction = d_env.getROTransaction(); + auto cursor = transaction->getROCursor(d_dbi); + MDBOutVal actualKey; + MDBOutVal result; + // for range-based lookups, we expect the data in LMDB + // to be stored with the last value of the range as key + // and the first value of the range as data, sometimes + // followed by any other content we don't care about + // range-based lookups are mostly useful for network ranges, + // for which we expect addresses to be stored in network byte + // order + + // retrieve the first key greater or equal to our key + int rc = cursor.lower_bound(MDBInVal(key), actualKey, result); + + if (rc == 0) { + auto last = actualKey.get(); + if (last.size() != key.size() || key > last) { + return false; + } + + value = result.get(); + if (value.size() < key.size()) { + return false; + } + + // take the first part of the data, which should be + // the first address of the range + auto first = value.substr(0, key.size()); + if (first.size() != key.size() || key < first) { + return false; + } + + return true; + } + else if (rc == MDB_NOTFOUND) { + return false; + } + } + catch(const std::exception& e) { + vinfolog("Error while looking up a range from LMDB file '%s', database '%s': %s", d_fname, d_dbName, e.what()); + } + return false; +} + +#endif /* HAVE_LMDB */ + +#ifdef HAVE_CDB + +CDBKVStore::CDBKVStore(const std::string& fname, time_t refreshDelay): d_fname(fname), d_refreshDelay(refreshDelay) +{ + d_refreshing.clear(); + + time_t now = time(nullptr); + if (d_refreshDelay > 0) { + d_nextCheck = now + d_refreshDelay; + } + + refreshDBIfNeeded(now); +} + +CDBKVStore::~CDBKVStore() { +} + +bool CDBKVStore::reload(const struct stat& st) +{ + auto newCDB = std::make_unique(d_fname); + { + *(d_cdb.write_lock()) = std::move(newCDB); + } + d_mtime = st.st_mtime; + return true; +} + +bool CDBKVStore::reload() +{ + struct stat st; + if (stat(d_fname.c_str(), &st) == 0) { + return reload(st); + } + else { + warnlog("Error while retrieving the last modification time of CDB database '%s': %s", d_fname, stringerror()); + return false; + } +} + +void CDBKVStore::refreshDBIfNeeded(time_t now) +{ + if (d_refreshing.test_and_set()) { + /* someone else is already refreshing */ + return; + } + + try { + struct stat st; + if (stat(d_fname.c_str(), &st) == 0) { + if (st.st_mtime > d_mtime) { + reload(st); + } + } + else { + warnlog("Error while retrieving the last modification time of CDB database '%s': %s", d_fname, stringerror()); + } + d_nextCheck = now + d_refreshDelay; + d_refreshing.clear(); + } + catch(...) { + d_refreshing.clear(); + throw; + } +} + +bool CDBKVStore::getValue(const std::string& key, std::string& value) +{ + time_t now = time(nullptr); + + try { + if (d_nextCheck != 0 && now >= d_nextCheck) { + refreshDBIfNeeded(now); + } + + { + auto cdb = d_cdb.read_lock(); + if (*cdb && (*cdb)->findOne(key, value)) { + return true; + } + } + } + catch(const std::exception& e) { + warnlog("Error while looking up key '%s' from CDB file '%s': %s", key, d_fname, e.what()); + } + return false; +} + +bool CDBKVStore::keyExists(const std::string& key) +{ + time_t now = time(nullptr); + + try { + if (d_nextCheck != 0 && now >= d_nextCheck) { + refreshDBIfNeeded(now); + } + + { + auto cdb = d_cdb.read_lock(); + if (!*cdb) { + return false; + } + + return (*cdb)->keyExists(key); + } + } + catch(const std::exception& e) { + warnlog("Error while looking up key '%s' from CDB file '%s': %s", key, d_fname, e.what()); + } + return false; +} + +#endif /* HAVE_CDB */ diff --git a/dnsdist-kvs.hh b/dnsdist-kvs.hh new file mode 100644 index 0000000..14d0bed --- /dev/null +++ b/dnsdist-kvs.hh @@ -0,0 +1,221 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "dnsdist.hh" + +class KeyValueLookupKey +{ +public: + virtual ~KeyValueLookupKey() + { + } + virtual std::vector getKeys(const DNSQuestion&) = 0; + virtual std::string toString() const = 0; +}; + +class KeyValueLookupKeySourceIP: public KeyValueLookupKey +{ +public: + KeyValueLookupKeySourceIP(uint8_t v4Mask, uint8_t v6Mask, bool includePort): d_v4Mask(v4Mask), d_v6Mask(v6Mask), d_includePort(includePort) + { + } + + std::vector getKeys(const ComboAddress& addr); + + std::vector getKeys(const DNSQuestion& dq) override + { + return getKeys(*dq.remote); + } + + std::string toString() const override + { + return "source IP (masked to " + std::to_string(d_v4Mask) + " (v4) / " + std::to_string(d_v6Mask) + " (v6) bits)" + (d_includePort ? " including the port" : ""); + } +private: + uint8_t d_v4Mask; + uint8_t d_v6Mask; + bool d_includePort; +}; + +class KeyValueLookupKeyQName: public KeyValueLookupKey +{ +public: + + KeyValueLookupKeyQName(bool wireFormat): d_wireFormat(wireFormat) + { + } + + std::vector getKeys(const DNSName& qname) + { + if (d_wireFormat) { + return {qname.toDNSStringLC()}; + } + return {qname.makeLowerCase().toStringRootDot()}; + } + + std::vector getKeys(const DNSQuestion& dq) override + { + return getKeys(*dq.qname); + } + + std::string toString() const override + { + if (d_wireFormat) { + return "qname in wire format"; + } + return "qname"; + } + +private: + bool d_wireFormat; +}; + +class KeyValueLookupKeySuffix: public KeyValueLookupKey +{ +public: + KeyValueLookupKeySuffix(size_t minLabels, bool wireFormat): d_minLabels(minLabels), d_wireFormat(wireFormat) + { + } + + std::vector getKeys(const DNSName& qname); + + std::vector getKeys(const DNSQuestion& dq) override + { + return getKeys(*dq.qname); + } + + std::string toString() const override + { + if (d_minLabels > 0) { + return "suffix " + std::string(d_wireFormat ? "in wire format " : "") + "with at least " + std::to_string(d_minLabels) + " label(s)"; + } + return "suffix" + std::string(d_wireFormat ? " in wire format" : ""); + } + +private: + size_t d_minLabels; + bool d_wireFormat; +}; + +class KeyValueLookupKeyTag: public KeyValueLookupKey +{ +public: + KeyValueLookupKeyTag(const std::string& tag): d_tag(tag) + { + } + + std::vector getKeys(const DNSQuestion& dq) override + { + if (dq.qTag) { + const auto& it = dq.qTag->find(d_tag); + if (it != dq.qTag->end()) { + return { it->second }; + } + } + return {}; + } + + std::string toString() const override + { + return "value of the tag named '" + d_tag + "'"; + } + +private: + std::string d_tag; +}; + +class KeyValueStore +{ +public: + virtual ~KeyValueStore() + { + } + + virtual bool keyExists(const std::string& key) = 0; + virtual bool getValue(const std::string& key, std::string& value) = 0; + // do a range-based lookup (mostly useful for IP addresses), assuming that: + // there is a key for the last element of the range (2001:0db8:ffff:ffff:ffff:ffff:ffff:ffff, in network byte order, for 2001:db8::/32) + // which contains the first element of the range (2001:0db8:0000:0000:0000:0000:0000:0000, in network bytes order) followed by any data in the value + // AND there is no overlapping ranges in the database !! + // This requires that the underlying store supports ordered keys, which is true for LMDB but not for CDB, for example. + virtual bool getRangeValue(const std::string& key, std::string& value) + { + throw std::runtime_error("range-based lookups are not implemented for this Key-Value Store"); + } + virtual bool reload() + { + return false; + } +}; + +#ifdef HAVE_LMDB + +#include "ext/lmdb-safe/lmdb-safe.hh" + +class LMDBKVStore: public KeyValueStore +{ +public: + LMDBKVStore(const std::string& fname, const std::string& dbName, bool noLock=false): d_env(fname.c_str(), noLock ? MDB_NOSUBDIR|MDB_RDONLY|MDB_NOLOCK : MDB_NOSUBDIR|MDB_RDONLY, 0600), d_dbi(d_env.openDB(dbName, 0)), d_fname(fname), d_dbName(dbName) + { + } + + bool keyExists(const std::string& key) override; + bool getValue(const std::string& key, std::string& value) override; + bool getRangeValue(const std::string& key, std::string& value) override; + +private: + MDBEnv d_env; + MDBDbi d_dbi; + std::string d_fname; + std::string d_dbName; +}; + +#endif /* HAVE_LMDB */ + +#ifdef HAVE_CDB + +#include "cdb.hh" + +class CDBKVStore: public KeyValueStore +{ +public: + CDBKVStore(const std::string& fname, time_t refreshDelay); + ~CDBKVStore(); + + bool keyExists(const std::string& key) override; + bool getValue(const std::string& key, std::string& value) override; + bool reload() override; + +private: + void refreshDBIfNeeded(time_t now); + bool reload(const struct stat& st); + + SharedLockGuarded> d_cdb{nullptr}; + std::string d_fname; + time_t d_mtime{0}; + time_t d_nextCheck{0}; + time_t d_refreshDelay{0}; + std::atomic_flag d_refreshing; +}; + +#endif /* HAVE_LMDB */ diff --git a/dnsdist-lbpolicies.cc b/dnsdist-lbpolicies.cc new file mode 100644 index 0000000..d747ca7 --- /dev/null +++ b/dnsdist-lbpolicies.cc @@ -0,0 +1,357 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist.hh" +#include "dnsdist-lbpolicies.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-lua-ffi.hh" +#include "dolog.hh" + +GlobalStateHolder g_policy; +bool g_roundrobinFailOnNoServer{false}; + +// get server with least outstanding queries, and within those, with the lowest order, and within those: the fastest +shared_ptr leastOutstanding(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + if (servers.size() == 1 && servers[0].second->isUp()) { + return servers[0].second; + } + + vector, size_t>> poss; + /* so you might wonder, why do we go through this trouble? The data on which we sort could change during the sort, + which would suck royally and could even lead to crashes. So first we snapshot on what we sort, and then we sort */ + poss.reserve(servers.size()); + size_t position = 0; + for(const auto& d : servers) { + if(d.second->isUp()) { + poss.emplace_back(make_tuple(d.second->outstanding.load(), d.second->order, d.second->latencyUsec), position); + } + ++position; + } + + if (poss.empty()) { + return shared_ptr(); + } + + nth_element(poss.begin(), poss.begin(), poss.end(), [](const decltype(poss)::value_type& a, const decltype(poss)::value_type& b) { return a.first < b.first; }); + return servers.at(poss.begin()->second).second; +} + +shared_ptr firstAvailable(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + for(auto& d : servers) { + if (d.second->isUp() && d.second->qps.checkOnly()) { + return d.second; + } + } + return leastOutstanding(servers, dq); +} + +double g_weightedBalancingFactor = 0; + +static shared_ptr valrandom(unsigned int val, const ServerPolicy::NumberedServerVector& servers) +{ + vector> poss; + poss.reserve(servers.size()); + int sum = 0; + int max = std::numeric_limits::max(); + double targetLoad = std::numeric_limits::max(); + + if (g_weightedBalancingFactor > 0) { + /* we start with one, representing the query we are currently handling */ + double currentLoad = 1; + size_t totalWeight = 0; + for (const auto& pair : servers) { + if (pair.second->isUp()) { + currentLoad += pair.second->outstanding; + totalWeight += pair.second->weight; + } + } + + if (totalWeight > 0) { + targetLoad = (currentLoad / totalWeight) * g_weightedBalancingFactor; + } + } + + for (const auto& d : servers) { // w=1, w=10 -> 1, 11 + if (d.second->isUp() && (g_weightedBalancingFactor == 0 || (d.second->outstanding <= (targetLoad * d.second->weight)))) { + // Don't overflow sum when adding high weights + if (d.second->weight > max - sum) { + sum = max; + } else { + sum += d.second->weight; + } + + poss.emplace_back(sum, d.first); + } + } + + // Catch poss & sum are empty to avoid SIGFPE + if (poss.empty() || sum == 0) { + return shared_ptr(); + } + + int r = val % sum; + auto p = upper_bound(poss.begin(), poss.end(),r, [](int r_, const decltype(poss)::value_type& a) { return r_ < a.first;}); + if (p == poss.end()) { + return shared_ptr(); + } + + return servers.at(p->second - 1).second; +} + +shared_ptr wrandom(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + return valrandom(random(), servers); +} + +uint32_t g_hashperturb; +double g_consistentHashBalancingFactor = 0; + +shared_ptr whashedFromHash(const ServerPolicy::NumberedServerVector& servers, size_t hash) +{ + return valrandom(hash, servers); +} + +shared_ptr whashed(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + return whashedFromHash(servers, dq->qname->hash(g_hashperturb)); +} + +shared_ptr chashedFromHash(const ServerPolicy::NumberedServerVector& servers, size_t qhash) +{ + unsigned int sel = std::numeric_limits::max(); + unsigned int min = std::numeric_limits::max(); + shared_ptr ret = nullptr, first = nullptr; + + double targetLoad = std::numeric_limits::max(); + if (g_consistentHashBalancingFactor > 0) { + /* we start with one, representing the query we are currently handling */ + double currentLoad = 1; + size_t totalWeight = 0; + for (const auto& pair : servers) { + if (pair.second->isUp()) { + currentLoad += pair.second->outstanding; + totalWeight += pair.second->weight; + } + } + + if (totalWeight > 0) { + targetLoad = (currentLoad / totalWeight) * g_consistentHashBalancingFactor; + } + } + + for (const auto& d: servers) { + if (d.second->isUp() && (g_consistentHashBalancingFactor == 0 || d.second->outstanding <= (targetLoad * d.second->weight))) { + // make sure hashes have been computed + if (!d.second->hashesComputed) { + d.second->hash(); + } + { + const auto& server = d.second; + auto hashes = server->hashes.read_lock(); + // we want to keep track of the last hash + if (min > *(hashes->begin())) { + min = *(hashes->begin()); + first = server; + } + + auto hash_it = std::lower_bound(hashes->begin(), hashes->end(), qhash); + if (hash_it != hashes->end()) { + if (*hash_it < sel) { + sel = *hash_it; + ret = server; + } + } + } + } + } + if (ret != nullptr) { + return ret; + } + if (first != nullptr) { + return first; + } + return shared_ptr(); +} + +shared_ptr chashed(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + return chashedFromHash(servers, dq->qname->hash(g_hashperturb)); +} + +shared_ptr roundrobin(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq) +{ + if (servers.empty()) { + return shared_ptr(); + } + + vector candidates; + candidates.reserve(servers.size()); + + for (auto& d : servers) { + if (d.second->isUp()) { + candidates.push_back(d.first); + } + } + + if (candidates.empty()) { + if (g_roundrobinFailOnNoServer) { + return shared_ptr(); + } + for (auto& d : servers) { + candidates.push_back(d.first); + } + } + + static unsigned int counter; + return servers.at(candidates.at((counter++) % candidates.size()) - 1).second; +} + +const std::shared_ptr getDownstreamCandidates(const pools_t& pools, const std::string& poolName) +{ + std::shared_ptr pool = getPool(pools, poolName); + return pool->getServers(); +} + +std::shared_ptr createPoolIfNotExists(pools_t& pools, const string& poolName) +{ + std::shared_ptr pool; + pools_t::iterator it = pools.find(poolName); + if (it != pools.end()) { + pool = it->second; + } + else { + if (!poolName.empty()) + vinfolog("Creating pool %s", poolName); + pool = std::make_shared(); + pools.insert(std::pair >(poolName, pool)); + } + return pool; +} + +void setPoolPolicy(pools_t& pools, const string& poolName, std::shared_ptr policy) +{ + std::shared_ptr pool = createPoolIfNotExists(pools, poolName); + if (!poolName.empty()) { + vinfolog("Setting pool %s server selection policy to %s", poolName, policy->getName()); + } else { + vinfolog("Setting default pool server selection policy to %s", policy->getName()); + } + pool->policy = policy; +} + +void addServerToPool(pools_t& pools, const string& poolName, std::shared_ptr server) +{ + std::shared_ptr pool = createPoolIfNotExists(pools, poolName); + if (!poolName.empty()) { + vinfolog("Adding server to pool %s", poolName); + } else { + vinfolog("Adding server to default pool"); + } + pool->addServer(server); +} + +void removeServerFromPool(pools_t& pools, const string& poolName, std::shared_ptr server) +{ + std::shared_ptr pool = getPool(pools, poolName); + + if (!poolName.empty()) { + vinfolog("Removing server from pool %s", poolName); + } + else { + vinfolog("Removing server from default pool"); + } + + pool->removeServer(server); +} + +std::shared_ptr getPool(const pools_t& pools, const std::string& poolName) +{ + pools_t::const_iterator it = pools.find(poolName); + + if (it == pools.end()) { + throw std::out_of_range("No pool named " + poolName); + } + + return it->second; +} + +ServerPolicy::ServerPolicy(const std::string& name_, const std::string& code): d_name(name_), d_perThreadPolicyCode(code), d_isLua(true), d_isFFI(true), d_isPerThread(true) +{ + LuaContext tmpContext; + setupLuaLoadBalancingContext(tmpContext); + auto ret = tmpContext.executeCode(code); +} + +thread_local ServerPolicy::PerThreadState ServerPolicy::t_perThreadState; + +const ServerPolicy::ffipolicyfunc_t& ServerPolicy::getPerThreadPolicy() const +{ + auto& state = t_perThreadState; + if (!state.d_initialized) { + setupLuaLoadBalancingContext(state.d_luaContext); + state.d_initialized = true; + } + + const auto& it = state.d_policies.find(d_name); + if (it != state.d_policies.end()) { + return it->second; + } + + auto newPolicy = state.d_luaContext.executeCode(d_perThreadPolicyCode); + state.d_policies[d_name] = std::move(newPolicy); + return state.d_policies.at(d_name); +} + +std::shared_ptr ServerPolicy::getSelectedBackend(const ServerPolicy::NumberedServerVector& servers, DNSQuestion& dq) const +{ + std::shared_ptr selectedBackend{nullptr}; + + if (d_isLua) { + if (!d_isFFI) { + auto lock = g_lua.lock(); + selectedBackend = d_policy(servers, &dq); + } + else { + dnsdist_ffi_dnsquestion_t dnsq(&dq); + dnsdist_ffi_servers_list_t serversList(servers); + unsigned int selected = 0; + + if (!d_isPerThread) { + auto lock = g_lua.lock(); + selected = d_ffipolicy(&serversList, &dnsq); + } + else { + const auto& policy = getPerThreadPolicy(); + selected = policy(&serversList, &dnsq); + } + + selectedBackend = servers.at(selected).second; + } + } + else { + selectedBackend = d_policy(servers, &dq); + } + + return selectedBackend; +} diff --git a/dnsdist-lbpolicies.hh b/dnsdist-lbpolicies.hh new file mode 100644 index 0000000..395deec --- /dev/null +++ b/dnsdist-lbpolicies.hh @@ -0,0 +1,114 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +struct dnsdist_ffi_servers_list_t; +struct dnsdist_ffi_server_t; +struct dnsdist_ffi_dnsquestion_t; + +struct DownstreamState; + +struct PerThreadPoliciesState; + +class ServerPolicy +{ +public: + template using NumberedVector = std::vector >; + using NumberedServerVector = NumberedVector>; + typedef std::function(const NumberedServerVector& servers, const DNSQuestion*)> policyfunc_t; + typedef std::function ffipolicyfunc_t; + + ServerPolicy(const std::string& name_, policyfunc_t policy_, bool isLua_): d_name(name_), d_policy(policy_), d_isLua(isLua_) + { + } + + ServerPolicy(const std::string& name_, ffipolicyfunc_t policy_): d_name(name_), d_ffipolicy(policy_), d_isLua(true), d_isFFI(true) + { + } + + /* create a per-thread FFI policy */ + ServerPolicy(const std::string& name_, const std::string& code); + + ServerPolicy() + { + } + + std::shared_ptr getSelectedBackend(const ServerPolicy::NumberedServerVector& servers, DNSQuestion& dq) const; + + const std::string& getName() const + { + return d_name; + } + + std::string toString() const { + return string("ServerPolicy") + (d_isLua ? " (Lua)" : "") + " \"" + d_name + "\""; + } + +private: + struct PerThreadState + { + LuaContext d_luaContext; + std::unordered_map d_policies; + bool d_initialized{false}; + }; + + const ffipolicyfunc_t& getPerThreadPolicy() const; + static thread_local PerThreadState t_perThreadState; + + +public: + std::string d_name; + std::string d_perThreadPolicyCode; + + policyfunc_t d_policy; + ffipolicyfunc_t d_ffipolicy; + + bool d_isLua{false}; + bool d_isFFI{false}; + bool d_isPerThread{false}; +}; + +struct ServerPool; + +using pools_t = map>; +std::shared_ptr getPool(const pools_t& pools, const std::string& poolName); +std::shared_ptr createPoolIfNotExists(pools_t& pools, const string& poolName); +void setPoolPolicy(pools_t& pools, const string& poolName, std::shared_ptr policy); +void addServerToPool(pools_t& pools, const string& poolName, std::shared_ptr server); +void removeServerFromPool(pools_t& pools, const string& poolName, std::shared_ptr server); + +const std::shared_ptr getDownstreamCandidates(const map>& pools, const std::string& poolName); + +std::shared_ptr firstAvailable(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); + +std::shared_ptr leastOutstanding(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); +std::shared_ptr wrandom(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); +std::shared_ptr whashed(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); +std::shared_ptr whashedFromHash(const ServerPolicy::NumberedServerVector& servers, size_t hash); +std::shared_ptr chashed(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); +std::shared_ptr chashedFromHash(const ServerPolicy::NumberedServerVector& servers, size_t hash); +std::shared_ptr roundrobin(const ServerPolicy::NumberedServerVector& servers, const DNSQuestion* dq); + +extern double g_consistentHashBalancingFactor; +extern double g_weightedBalancingFactor; +extern uint32_t g_hashperturb; +extern bool g_roundrobinFailOnNoServer; diff --git a/dnsdist-lua-actions.cc b/dnsdist-lua-actions.cc new file mode 100644 index 0000000..03475f7 --- /dev/null +++ b/dnsdist-lua-actions.cc @@ -0,0 +1,2454 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#include "threadname.hh" +#include "dnsdist.hh" +#include "dnsdist-ecs.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-lua-ffi.hh" +#include "dnsdist-protobuf.hh" +#include "dnsdist-kvs.hh" +#include "dnsdist-svc.hh" + +#include "dolog.hh" +#include "dnstap.hh" +#include "dnswriter.hh" +#include "ednsoptions.hh" +#include "fstrm_logger.hh" +#include "remote_logger.hh" +#include "svc-records.hh" + +#include + +#ifdef HAVE_LIBCRYPTO +#include "ipcipher.hh" +#endif /* HAVE_LIBCRYPTO */ + +class DropAction : public DNSAction +{ +public: + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + return Action::Drop; + } + std::string toString() const override + { + return "drop"; + } +}; + +class AllowAction : public DNSAction +{ +public: + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + return Action::Allow; + } + std::string toString() const override + { + return "allow"; + } +}; + +class NoneAction : public DNSAction +{ +public: + // this action does not stop the processing + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + return Action::None; + } + std::string toString() const override + { + return "no op"; + } +}; + +class QPSAction : public DNSAction +{ +public: + QPSAction(int limit) : d_qps(QPSLimiter(limit, limit)) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (d_qps.lock()->check()) { + return Action::None; + } + else { + return Action::Drop; + } + } + std::string toString() const override + { + return "qps limit to "+std::to_string(d_qps.lock()->getRate()); + } +private: + mutable LockGuarded d_qps; +}; + +class DelayAction : public DNSAction +{ +public: + DelayAction(int msec) : d_msec(msec) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + *ruleresult = std::to_string(d_msec); + return Action::Delay; + } + std::string toString() const override + { + return "delay by "+std::to_string(d_msec)+ " msec"; + } +private: + int d_msec; +}; + +class TeeAction : public DNSAction +{ +public: + // this action does not stop the processing + TeeAction(const ComboAddress& ca, bool addECS=false); + ~TeeAction() override; + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override; + std::string toString() const override; + std::map getStats() const override; + +private: + ComboAddress d_remote; + std::thread d_worker; + void worker(); + + int d_fd{-1}; + mutable std::atomic d_senderrors{0}; + unsigned long d_recverrors{0}; + mutable std::atomic d_queries{0}; + stat_t d_responses{0}; + stat_t d_nxdomains{0}; + stat_t d_servfails{0}; + stat_t d_refuseds{0}; + stat_t d_formerrs{0}; + stat_t d_notimps{0}; + stat_t d_noerrors{0}; + mutable stat_t d_tcpdrops{0}; + stat_t d_otherrcode{0}; + std::atomic d_pleaseQuit{false}; + bool d_addECS{false}; +}; + +TeeAction::TeeAction(const ComboAddress& ca, bool addECS) : d_remote(ca), d_addECS(addECS) +{ + d_fd=SSocket(d_remote.sin4.sin_family, SOCK_DGRAM, 0); + try { + SConnect(d_fd, d_remote); + setNonBlocking(d_fd); + d_worker=std::thread([this](){worker();}); + } + catch (...) { + if (d_fd != -1) { + close(d_fd); + } + throw; + } +} + +TeeAction::~TeeAction() +{ + d_pleaseQuit=true; + close(d_fd); + d_worker.join(); +} + +DNSAction::Action TeeAction::operator()(DNSQuestion* dq, std::string* ruleresult) const +{ + if (dq->overTCP()) { + d_tcpdrops++; + } + else { + ssize_t res; + d_queries++; + + if(d_addECS) { + PacketBuffer query(dq->getData()); + bool ednsAdded = false; + bool ecsAdded = false; + + std::string newECSOption; + generateECSOption(dq->ecsSet ? dq->ecs.getNetwork() : *dq->remote, newECSOption, dq->ecsSet ? dq->ecs.getBits() : dq->ecsPrefixLength); + + if (!handleEDNSClientSubnet(query, dq->getMaximumSize(), dq->qname->wirelength(), ednsAdded, ecsAdded, dq->ecsOverride, newECSOption)) { + return DNSAction::Action::None; + } + + res = send(d_fd, query.data(), query.size(), 0); + } + else { + res = send(d_fd, dq->getData().data(), dq->getData().size(), 0); + } + + if (res <= 0) { + d_senderrors++; + } + } + + return DNSAction::Action::None; +} + +std::string TeeAction::toString() const +{ + return "tee to "+d_remote.toStringWithPort(); +} + +std::map TeeAction::getStats() const +{ + return {{"queries", d_queries}, + {"responses", d_responses}, + {"recv-errors", d_recverrors}, + {"send-errors", d_senderrors}, + {"noerrors", d_noerrors}, + {"nxdomains", d_nxdomains}, + {"refuseds", d_refuseds}, + {"servfails", d_servfails}, + {"other-rcode", d_otherrcode}, + {"tcp-drops", d_tcpdrops} + }; +} + +void TeeAction::worker() +{ + setThreadName("dnsdist/TeeWork"); + char packet[1500]; + int res=0; + struct dnsheader* dh=(struct dnsheader*)packet; + for(;;) { + res=waitForData(d_fd, 0, 250000); + if(d_pleaseQuit) + break; + if(res < 0) { + usleep(250000); + continue; + } + if(res==0) + continue; + res=recv(d_fd, packet, sizeof(packet), 0); + if(res <= (int)sizeof(struct dnsheader)) + d_recverrors++; + else + d_responses++; + + if(dh->rcode == RCode::NoError) + d_noerrors++; + else if(dh->rcode == RCode::ServFail) + d_servfails++; + else if(dh->rcode == RCode::NXDomain) + d_nxdomains++; + else if(dh->rcode == RCode::Refused) + d_refuseds++; + else if(dh->rcode == RCode::FormErr) + d_formerrs++; + else if(dh->rcode == RCode::NotImp) + d_notimps++; + } +} + +class PoolAction : public DNSAction +{ +public: + PoolAction(const std::string& pool) : d_pool(pool) {} + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + *ruleresult=d_pool; + return Action::Pool; + } + std::string toString() const override + { + return "to pool "+d_pool; + } + +private: + std::string d_pool; +}; + + +class QPSPoolAction : public DNSAction +{ +public: + QPSPoolAction(unsigned int limit, const std::string& pool) : d_qps(QPSLimiter(limit, limit)), d_pool(pool) {} + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (d_qps.lock()->check()) { + *ruleresult = d_pool; + return Action::Pool; + } + else { + return Action::None; + } + } + std::string toString() const override + { + return "max " +std::to_string(d_qps.lock()->getRate())+" to pool "+d_pool; + } + +private: + mutable LockGuarded d_qps; + const std::string d_pool; +}; + +class RCodeAction : public DNSAction +{ +public: + RCodeAction(uint8_t rcode) : d_rcode(rcode) {} + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->getHeader()->rcode = d_rcode; + dq->getHeader()->qr = true; // for good measure + setResponseHeadersFromConfig(*dq->getHeader(), d_responseConfig); + return Action::HeaderModify; + } + std::string toString() const override + { + return "set rcode "+std::to_string(d_rcode); + } + + ResponseConfig d_responseConfig; +private: + uint8_t d_rcode; +}; + +class ERCodeAction : public DNSAction +{ +public: + ERCodeAction(uint8_t rcode) : d_rcode(rcode) {} + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->getHeader()->rcode = (d_rcode & 0xF); + dq->ednsRCode = ((d_rcode & 0xFFF0) >> 4); + dq->getHeader()->qr = true; // for good measure + setResponseHeadersFromConfig(*dq->getHeader(), d_responseConfig); + return Action::HeaderModify; + } + std::string toString() const override + { + return "set ercode "+ERCode::to_s(d_rcode); + } + + ResponseConfig d_responseConfig; +private: + uint8_t d_rcode; +}; + +class SpoofSVCAction : public DNSAction +{ +public: + SpoofSVCAction(const std::vector>& parameters) + { + d_payloads.reserve(parameters.size()); + + for (const auto& param : parameters) { + std::vector payload; + if (!generateSVCPayload(payload, param.second)) { + throw std::runtime_error("Unable to generate a valid SVC record from the supplied parameters"); + } + + d_totalPayloadsSize += payload.size(); + d_payloads.push_back(std::move(payload)); + + for (const auto& hint : param.second.ipv4hints) { + d_additionals4.insert({ param.second.target, ComboAddress(hint) }); + } + + for (const auto& hint : param.second.ipv6hints) { + d_additionals6.insert({ param.second.target, ComboAddress(hint) }); + } + } + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + /* it will likely be a bit bigger than that because of additionals */ + uint16_t numberOfRecords = d_payloads.size(); + const auto qnameWireLength = dq->qname->wirelength(); + if (dq->getMaximumSize() < (sizeof(dnsheader) + qnameWireLength + 4 + numberOfRecords*12 /* recordstart */ + d_totalPayloadsSize)) { + return Action::None; + } + + PacketBuffer newPacket; + newPacket.reserve(sizeof(dnsheader) + qnameWireLength + 4 + numberOfRecords*12 /* recordstart */ + d_totalPayloadsSize); + GenericDNSPacketWriter pw(newPacket, *dq->qname, dq->qtype); + for (const auto& payload : d_payloads) { + pw.startRecord(*dq->qname, dq->qtype, d_responseConfig.ttl); + pw.xfrBlob(payload); + pw.commit(); + } + + if (newPacket.size() < dq->getMaximumSize()) { + for (const auto& additional : d_additionals4) { + pw.startRecord(additional.first.isRoot() ? *dq->qname : additional.first, QType::A, d_responseConfig.ttl, QClass::IN, DNSResourceRecord::ADDITIONAL); + pw.xfrCAWithoutPort(4, additional.second); + pw.commit(); + } + } + + if (newPacket.size() < dq->getMaximumSize()) { + for (const auto& additional : d_additionals6) { + pw.startRecord(additional.first.isRoot() ? *dq->qname : additional.first, QType::AAAA, d_responseConfig.ttl, QClass::IN, DNSResourceRecord::ADDITIONAL); + pw.xfrCAWithoutPort(6, additional.second); + pw.commit(); + } + } + + if (g_addEDNSToSelfGeneratedResponses && queryHasEDNS(*dq)) { + bool dnssecOK = getEDNSZ(*dq) & EDNS_HEADER_FLAG_DO; + pw.addOpt(g_PayloadSizeSelfGenAnswers, 0, dnssecOK ? EDNS_HEADER_FLAG_DO : 0); + pw.commit(); + } + + if (newPacket.size() >= dq->getMaximumSize()) { + /* sorry! */ + return Action::None; + } + + pw.getHeader()->id = dq->getHeader()->id; + pw.getHeader()->qr = true; // for good measure + setResponseHeadersFromConfig(*pw.getHeader(), d_responseConfig); + dq->getMutableData() = std::move(newPacket); + + return Action::HeaderModify; + } + std::string toString() const override + { + return "spoof SVC record "; + } + + ResponseConfig d_responseConfig; +private: + std::vector> d_payloads; + std::set> d_additionals4; + std::set> d_additionals6; + size_t d_totalPayloadsSize{0}; +}; + +class TCAction : public DNSAction +{ +public: + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + return Action::Truncate; + } + std::string toString() const override + { + return "tc=1 answer"; + } +}; + +class LuaAction : public DNSAction +{ +public: + typedef std::function >(DNSQuestion* dq)> func_t; + LuaAction(const LuaAction::func_t& func) : d_func(func) + {} + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + auto lock = g_lua.lock(); + try { + auto ret = d_func(dq); + if (ruleresult) { + if (boost::optional rule = std::get<1>(ret)) { + *ruleresult = *rule; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(std::get<0>(ret)); + } catch (const std::exception &e) { + warnlog("LuaAction failed inside Lua, returning ServFail: %s", e.what()); + } catch (...) { + warnlog("LuaAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSAction::Action::ServFail; + } + + string toString() const override + { + return "Lua script"; + } +private: + func_t d_func; +}; + +class LuaResponseAction : public DNSResponseAction +{ +public: + typedef std::function >(DNSResponse* dr)> func_t; + LuaResponseAction(const LuaResponseAction::func_t& func) : d_func(func) + {} + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + auto lock = g_lua.lock(); + try { + auto ret = d_func(dr); + if (ruleresult) { + if (boost::optional rule = std::get<1>(ret)) { + *ruleresult = *rule; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(std::get<0>(ret)); + } catch (const std::exception &e) { + warnlog("LuaResponseAction failed inside Lua, returning ServFail: %s", e.what()); + } catch (...) { + warnlog("LuaResponseAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSResponseAction::Action::ServFail; + } + + string toString() const override + { + return "Lua response script"; + } +private: + func_t d_func; +}; + +class LuaFFIAction: public DNSAction +{ +public: + typedef std::function func_t; + + LuaFFIAction(const LuaFFIAction::func_t& func): d_func(func) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dnsdist_ffi_dnsquestion_t dqffi(dq); + try { + auto lock = g_lua.lock(); + auto ret = d_func(&dqffi); + if (ruleresult) { + if (dqffi.result) { + *ruleresult = *dqffi.result; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(ret); + } catch (const std::exception &e) { + warnlog("LuaFFIAction failed inside Lua, returning ServFail: %s", e.what()); + } catch (...) { + warnlog("LuaFFIAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSAction::Action::ServFail; + } + + string toString() const override + { + return "Lua FFI script"; + } +private: + func_t d_func; +}; + +class LuaFFIPerThreadAction: public DNSAction +{ +public: + typedef std::function func_t; + + LuaFFIPerThreadAction(const std::string& code): d_functionCode(code), d_functionID(s_functionsCounter++) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + try { + auto& state = t_perThreadStates[d_functionID]; + if (!state.d_initialized) { + setupLuaFFIPerThreadContext(state.d_luaContext); + /* mark the state as initialized first so if there is a syntax error + we only try to execute the code once */ + state.d_initialized = true; + state.d_func = state.d_luaContext.executeCode(d_functionCode); + } + + if (!state.d_func) { + /* the function was not properly initialized */ + return DNSAction::Action::None; + } + + dnsdist_ffi_dnsquestion_t dqffi(dq); + auto ret = state.d_func(&dqffi); + if (ruleresult) { + if (dqffi.result) { + *ruleresult = *dqffi.result; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(ret); + } + catch (const std::exception &e) { + warnlog("LuaFFIPerThreadAction failed inside Lua, returning ServFail: %s", e.what()); + } + catch (...) { + warnlog("LuaFFIPerthreadAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSAction::Action::ServFail; + } + + string toString() const override + { + return "Lua FFI per-thread script"; + } + +private: + struct PerThreadState + { + LuaContext d_luaContext; + func_t d_func; + bool d_initialized{false}; + }; + static std::atomic s_functionsCounter; + static thread_local std::map t_perThreadStates; + const std::string d_functionCode; + const uint64_t d_functionID; +}; + +std::atomic LuaFFIPerThreadAction::s_functionsCounter = 0; +thread_local std::map LuaFFIPerThreadAction::t_perThreadStates; + +class LuaFFIResponseAction: public DNSResponseAction +{ +public: + typedef std::function func_t; + + LuaFFIResponseAction(const LuaFFIResponseAction::func_t& func): d_func(func) + { + } + + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + DNSQuestion* dq = dynamic_cast(dr); + if (dq == nullptr) { + return DNSResponseAction::Action::ServFail; + } + + dnsdist_ffi_dnsquestion_t dqffi(dq); + try { + auto lock = g_lua.lock(); + auto ret = d_func(&dqffi); + if (ruleresult) { + if (dqffi.result) { + *ruleresult = *dqffi.result; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(ret); + } catch (const std::exception &e) { + warnlog("LuaFFIResponseAction failed inside Lua, returning ServFail: %s", e.what()); + } catch (...) { + warnlog("LuaFFIResponseAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSResponseAction::Action::ServFail; + } + + string toString() const override + { + return "Lua FFI script"; + } +private: + func_t d_func; +}; + +class LuaFFIPerThreadResponseAction: public DNSResponseAction +{ +public: + typedef std::function func_t; + + LuaFFIPerThreadResponseAction(const std::string& code): d_functionCode(code), d_functionID(s_functionsCounter++) + { + } + + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + DNSQuestion* dq = dynamic_cast(dr); + if (dq == nullptr) { + return DNSResponseAction::Action::ServFail; + } + + try { + auto& state = t_perThreadStates[d_functionID]; + if (!state.d_initialized) { + setupLuaFFIPerThreadContext(state.d_luaContext); + /* mark the state as initialized first so if there is a syntax error + we only try to execute the code once */ + state.d_initialized = true; + state.d_func = state.d_luaContext.executeCode(d_functionCode); + } + + if (!state.d_func) { + /* the function was not properly initialized */ + return DNSResponseAction::Action::None; + } + + dnsdist_ffi_dnsquestion_t dqffi(dq); + auto ret = state.d_func(&dqffi); + if (ruleresult) { + if (dqffi.result) { + *ruleresult = *dqffi.result; + } + else { + // default to empty string + ruleresult->clear(); + } + } + return static_cast(ret); + } + catch (const std::exception &e) { + warnlog("LuaFFIPerThreadResponseAction failed inside Lua, returning ServFail: %s", e.what()); + } + catch (...) { + warnlog("LuaFFIPerthreadResponseAction failed inside Lua, returning ServFail: [unknown exception]"); + } + return DNSResponseAction::Action::ServFail; + } + + string toString() const override + { + return "Lua FFI per-thread script"; + } + +private: + struct PerThreadState + { + LuaContext d_luaContext; + func_t d_func; + bool d_initialized{false}; + }; + + static std::atomic s_functionsCounter; + static thread_local std::map t_perThreadStates; + const std::string d_functionCode; + const uint64_t d_functionID; +}; + +std::atomic LuaFFIPerThreadResponseAction::s_functionsCounter = 0; +thread_local std::map LuaFFIPerThreadResponseAction::t_perThreadStates; + +thread_local std::default_random_engine SpoofAction::t_randomEngine; + +DNSAction::Action SpoofAction::operator()(DNSQuestion* dq, std::string* ruleresult) const +{ + uint16_t qtype = dq->qtype; + // do we even have a response? + if (d_cname.empty() && + d_rawResponses.empty() && + d_types.count(qtype) == 0) { + return Action::None; + } + + vector addrs; + vector rawResponses; + unsigned int totrdatalen = 0; + uint16_t numberOfRecords = 0; + if (!d_cname.empty()) { + qtype = QType::CNAME; + totrdatalen += d_cname.getStorage().size(); + numberOfRecords = 1; + } else if (!d_rawResponses.empty()) { + rawResponses.reserve(d_rawResponses.size()); + for(const auto& rawResponse : d_rawResponses){ + totrdatalen += rawResponse.size(); + rawResponses.push_back(rawResponse); + ++numberOfRecords; + } + if (rawResponses.size() > 1) { + shuffle(rawResponses.begin(), rawResponses.end(), t_randomEngine); + } + } + else { + for(const auto& addr : d_addrs) { + if(qtype != QType::ANY && ((addr.sin4.sin_family == AF_INET && qtype != QType::A) || + (addr.sin4.sin_family == AF_INET6 && qtype != QType::AAAA))) { + continue; + } + totrdatalen += addr.sin4.sin_family == AF_INET ? sizeof(addr.sin4.sin_addr.s_addr) : sizeof(addr.sin6.sin6_addr.s6_addr); + addrs.push_back(addr); + ++numberOfRecords; + } + } + + if (addrs.size() > 1) { + shuffle(addrs.begin(), addrs.end(), t_randomEngine); + } + + unsigned int qnameWireLength=0; + DNSName ignore(reinterpret_cast(dq->getData().data()), dq->getData().size(), sizeof(dnsheader), false, 0, 0, &qnameWireLength); + + if (dq->getMaximumSize() < (sizeof(dnsheader) + qnameWireLength + 4 + numberOfRecords*12 /* recordstart */ + totrdatalen)) { + return Action::None; + } + + bool dnssecOK = false; + bool hadEDNS = false; + if (g_addEDNSToSelfGeneratedResponses && queryHasEDNS(*dq)) { + hadEDNS = true; + dnssecOK = getEDNSZ(*dq) & EDNS_HEADER_FLAG_DO; + } + + auto& data = dq->getMutableData(); + data.resize(sizeof(dnsheader) + qnameWireLength + 4 + numberOfRecords*12 /* recordstart */ + totrdatalen); // there goes your EDNS + uint8_t* dest = &(data.at(sizeof(dnsheader) + qnameWireLength + 4)); + + dq->getHeader()->qr = true; // for good measure + setResponseHeadersFromConfig(*dq->getHeader(), d_responseConfig); + dq->getHeader()->ancount = 0; + dq->getHeader()->arcount = 0; // for now, forget about your EDNS, we're marching over it + + uint32_t ttl = htonl(d_responseConfig.ttl); + unsigned char recordstart[] = {0xc0, 0x0c, // compressed name + 0, 0, // QTYPE + 0, QClass::IN, + 0, 0, 0, 0, // TTL + 0, 0 }; // rdata length + static_assert(sizeof(recordstart) == 12, "sizeof(recordstart) must be equal to 12, otherwise the above check is invalid"); + memcpy(&recordstart[6], &ttl, sizeof(ttl)); + bool raw = false; + + if (qtype == QType::CNAME) { + const auto& wireData = d_cname.getStorage(); // Note! This doesn't do compression! + uint16_t rdataLen = htons(wireData.length()); + qtype = htons(qtype); + memcpy(&recordstart[2], &qtype, sizeof(qtype)); + memcpy(&recordstart[10], &rdataLen, sizeof(rdataLen)); + + memcpy(dest, recordstart, sizeof(recordstart)); + dest += sizeof(recordstart); + memcpy(dest, wireData.c_str(), wireData.length()); + dq->getHeader()->ancount++; + } + else if (!rawResponses.empty()) { + qtype = htons(qtype); + for(const auto& rawResponse : rawResponses){ + uint16_t rdataLen = htons(rawResponse.size()); + memcpy(&recordstart[2], &qtype, sizeof(qtype)); + memcpy(&recordstart[10], &rdataLen, sizeof(rdataLen)); + + memcpy(dest, recordstart, sizeof(recordstart)); + dest += sizeof(recordstart); + + memcpy(dest, rawResponse.c_str(), rawResponse.size()); + dest += rawResponse.size(); + + dq->getHeader()->ancount++; + } + raw = true; + } + else { + for(const auto& addr : addrs) { + uint16_t rdataLen = htons(addr.sin4.sin_family == AF_INET ? sizeof(addr.sin4.sin_addr.s_addr) : sizeof(addr.sin6.sin6_addr.s6_addr)); + qtype = htons(addr.sin4.sin_family == AF_INET ? QType::A : QType::AAAA); + memcpy(&recordstart[2], &qtype, sizeof(qtype)); + memcpy(&recordstart[10], &rdataLen, sizeof(rdataLen)); + + memcpy(dest, recordstart, sizeof(recordstart)); + dest += sizeof(recordstart); + + memcpy(dest, + addr.sin4.sin_family == AF_INET ? reinterpret_cast(&addr.sin4.sin_addr.s_addr) : reinterpret_cast(&addr.sin6.sin6_addr.s6_addr), + addr.sin4.sin_family == AF_INET ? sizeof(addr.sin4.sin_addr.s_addr) : sizeof(addr.sin6.sin6_addr.s6_addr)); + dest += (addr.sin4.sin_family == AF_INET ? sizeof(addr.sin4.sin_addr.s_addr) : sizeof(addr.sin6.sin6_addr.s6_addr)); + dq->getHeader()->ancount++; + } + } + + dq->getHeader()->ancount = htons(dq->getHeader()->ancount); + + if (hadEDNS && raw == false) { + addEDNS(dq->getMutableData(), dq->getMaximumSize(), dnssecOK, g_PayloadSizeSelfGenAnswers, 0); + } + + return Action::HeaderModify; +} + +class SetMacAddrAction : public DNSAction +{ +public: + // this action does not stop the processing + SetMacAddrAction(uint16_t code) : d_code(code) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + std::string mac = getMACAddress(*dq->remote); + if (mac.empty()) { + return Action::None; + } + + std::string optRData; + generateEDNSOption(d_code, mac, optRData); + + if (dq->getHeader()->arcount) { + bool ednsAdded = false; + bool optionAdded = false; + PacketBuffer newContent; + newContent.reserve(dq->getData().size()); + + if (!slowRewriteEDNSOptionInQueryWithRecords(dq->getData(), newContent, ednsAdded, d_code, optionAdded, true, optRData)) { + return Action::None; + } + + if (newContent.size() > dq->getMaximumSize()) { + return Action::None; + } + + dq->getMutableData() = std::move(newContent); + if (!dq->ednsAdded && ednsAdded) { + dq->ednsAdded = true; + } + + return Action::None; + } + + auto& data = dq->getMutableData(); + if (generateOptRR(optRData, data, dq->getMaximumSize(), g_EdnsUDPPayloadSize, 0, false)) { + dq->getHeader()->arcount = htons(1); + // make sure that any EDNS sent by the backend is removed before forwarding the response to the client + dq->ednsAdded = true; + } + + return Action::None; + } + std::string toString() const override + { + return "add EDNS MAC (code=" + std::to_string(d_code) + ")"; + } +private: + uint16_t d_code{3}; +}; + + +class SetEDNSOptionAction : public DNSAction +{ +public: + // this action does not stop the processing + SetEDNSOptionAction(uint16_t code, const std::string& data) : d_code(code), d_data(data) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + std::string optRData; + generateEDNSOption(d_code, d_data, optRData); + + if (dq->getHeader()->arcount) { + bool ednsAdded = false; + bool optionAdded = false; + PacketBuffer newContent; + newContent.reserve(dq->getData().size()); + + if (!slowRewriteEDNSOptionInQueryWithRecords(dq->getData(), newContent, ednsAdded, d_code, optionAdded, true, optRData)) { + return Action::None; + } + + if (newContent.size() > dq->getMaximumSize()) { + return Action::None; + } + + dq->getMutableData() = std::move(newContent); + if (!dq->ednsAdded && ednsAdded) { + dq->ednsAdded = true; + } + + return Action::None; + } + + auto& data = dq->getMutableData(); + if (generateOptRR(optRData, data, dq->getMaximumSize(), g_EdnsUDPPayloadSize, 0, false)) { + dq->getHeader()->arcount = htons(1); + // make sure that any EDNS sent by the backend is removed before forwarding the response to the client + dq->ednsAdded = true; + } + + return Action::None; + } + + std::string toString() const override + { + return "add EDNS Option (code=" + std::to_string(d_code) + ")"; + } + +private: + uint16_t d_code; + std::string d_data; +}; + +class SetNoRecurseAction : public DNSAction +{ +public: + // this action does not stop the processing + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->getHeader()->rd = false; + return Action::None; + } + std::string toString() const override + { + return "set rd=0"; + } +}; + +class LogAction : public DNSAction, public boost::noncopyable +{ +public: + // this action does not stop the processing + LogAction() + { + } + + LogAction(const std::string& str, bool binary=true, bool append=false, bool buffered=true, bool verboseOnly=true, bool includeTimestamp=false): d_fname(str), d_binary(binary), d_verboseOnly(verboseOnly), d_includeTimestamp(includeTimestamp), d_append(append), d_buffered(buffered) + { + if (str.empty()) { + return; + } + + if (!reopenLogFile()) { + throw std::runtime_error("Unable to open file '" + str + "' for logging: " + stringerror()); + } + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + auto fp = std::atomic_load_explicit(&d_fp, std::memory_order_acquire); + if (!fp) { + if (!d_verboseOnly || g_verbose) { + if (d_includeTimestamp) { + infolog("[%u.%u] Packet from %s for %s %s with id %d", static_cast(dq->queryTime->tv_sec), static_cast(dq->queryTime->tv_nsec), dq->remote->toStringWithPort(), dq->qname->toString(), QType(dq->qtype).toString(), dq->getHeader()->id); + } + else { + infolog("Packet from %s for %s %s with id %d", dq->remote->toStringWithPort(), dq->qname->toString(), QType(dq->qtype).toString(), dq->getHeader()->id); + } + } + } + else { + if (d_binary) { + const auto& out = dq->qname->getStorage(); + if (d_includeTimestamp) { + uint64_t tv_sec = static_cast(dq->queryTime->tv_sec); + uint32_t tv_nsec = static_cast(dq->queryTime->tv_nsec); + fwrite(&tv_sec, sizeof(tv_sec), 1, fp.get()); + fwrite(&tv_nsec, sizeof(tv_nsec), 1, fp.get()); + } + uint16_t id = dq->getHeader()->id; + fwrite(&id, sizeof(id), 1, fp.get()); + fwrite(out.c_str(), 1, out.size(), fp.get()); + fwrite(&dq->qtype, sizeof(dq->qtype), 1, fp.get()); + fwrite(&dq->remote->sin4.sin_family, sizeof(dq->remote->sin4.sin_family), 1, fp.get()); + if (dq->remote->sin4.sin_family == AF_INET) { + fwrite(&dq->remote->sin4.sin_addr.s_addr, sizeof(dq->remote->sin4.sin_addr.s_addr), 1, fp.get()); + } + else if (dq->remote->sin4.sin_family == AF_INET6) { + fwrite(&dq->remote->sin6.sin6_addr.s6_addr, sizeof(dq->remote->sin6.sin6_addr.s6_addr), 1, fp.get()); + } + fwrite(&dq->remote->sin4.sin_port, sizeof(dq->remote->sin4.sin_port), 1, fp.get()); + } + else { + if (d_includeTimestamp) { + fprintf(fp.get(), "[%llu.%lu] Packet from %s for %s %s with id %d\n", static_cast(dq->queryTime->tv_sec), static_cast(dq->queryTime->tv_nsec), dq->remote->toStringWithPort().c_str(), dq->qname->toString().c_str(), QType(dq->qtype).toString().c_str(), dq->getHeader()->id); + } + else { + fprintf(fp.get(), "Packet from %s for %s %s with id %d\n", dq->remote->toStringWithPort().c_str(), dq->qname->toString().c_str(), QType(dq->qtype).toString().c_str(), dq->getHeader()->id); + } + } + } + return Action::None; + } + + std::string toString() const override + { + if (!d_fname.empty()) { + return "log to " + d_fname; + } + return "log"; + } + + void reload() override + { + if (!reopenLogFile()) { + warnlog("Unable to open file '%s' for logging: %s", d_fname, stringerror()); + } + } + +private: + bool reopenLogFile() + { + // we are using a naked pointer here because we don't want fclose to be called + // with a nullptr, which would happen if we constructor a shared_ptr with fclose + // as a custom deleter and nullptr as a FILE* + auto nfp = fopen(d_fname.c_str(), d_append ? "a+" : "w"); + if (!nfp) { + /* don't fall on our sword when reopening */ + return false; + } + + auto fp = std::shared_ptr(nfp, fclose); + nfp = nullptr; + + if (!d_buffered) { + setbuf(fp.get(), 0); + } + + std::atomic_store_explicit(&d_fp, fp, std::memory_order_release); + return true; + } + + std::string d_fname; + std::shared_ptr d_fp{nullptr}; + bool d_binary{true}; + bool d_verboseOnly{true}; + bool d_includeTimestamp{false}; + bool d_append{false}; + bool d_buffered{true}; +}; + +class LogResponseAction : public DNSResponseAction, public boost::noncopyable +{ +public: + LogResponseAction() + { + } + + LogResponseAction(const std::string& str, bool append=false, bool buffered=true, bool verboseOnly=true, bool includeTimestamp=false): d_fname(str), d_verboseOnly(verboseOnly), d_includeTimestamp(includeTimestamp), d_append(append), d_buffered(buffered) + { + if (str.empty()) { + return; + } + + if (!reopenLogFile()) { + throw std::runtime_error("Unable to open file '" + str + "' for logging: " + stringerror()); + } + } + + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + auto fp = std::atomic_load_explicit(&d_fp, std::memory_order_acquire); + if (!fp) { + if (!d_verboseOnly || g_verbose) { + if (d_includeTimestamp) { + infolog("[%u.%u] Answer to %s for %s %s (%s) with id %d", static_cast(dr->queryTime->tv_sec), static_cast(dr->queryTime->tv_nsec), dr->remote->toStringWithPort(), dr->qname->toString(), QType(dr->qtype).toString(), RCode::to_s(dr->getHeader()->rcode), dr->getHeader()->id); + } + else { + infolog("Answer to %s for %s %s (%s) with id %d", dr->remote->toStringWithPort(), dr->qname->toString(), QType(dr->qtype).toString(), RCode::to_s(dr->getHeader()->rcode), dr->getHeader()->id); + } + } + } + else { + if (d_includeTimestamp) { + fprintf(fp.get(), "[%llu.%lu] Answer to %s for %s %s (%s) with id %d\n", static_cast(dr->queryTime->tv_sec), static_cast(dr->queryTime->tv_nsec), dr->remote->toStringWithPort().c_str(), dr->qname->toString().c_str(), QType(dr->qtype).toString().c_str(), RCode::to_s(dr->getHeader()->rcode).c_str(), dr->getHeader()->id); + } + else { + fprintf(fp.get(), "Answer to %s for %s %s (%s) with id %d\n", dr->remote->toStringWithPort().c_str(), dr->qname->toString().c_str(), QType(dr->qtype).toString().c_str(), RCode::to_s(dr->getHeader()->rcode).c_str(), dr->getHeader()->id); + } + } + return Action::None; + } + + std::string toString() const override + { + if (!d_fname.empty()) { + return "log to " + d_fname; + } + return "log"; + } + + void reload() override + { + if (!reopenLogFile()) { + warnlog("Unable to open file '%s' for logging: %s", d_fname, stringerror()); + } + } + +private: + bool reopenLogFile() + { + // we are using a naked pointer here because we don't want fclose to be called + // with a nullptr, which would happen if we constructor a shared_ptr with fclose + // as a custom deleter and nullptr as a FILE* + auto nfp = fopen(d_fname.c_str(), d_append ? "a+" : "w"); + if (!nfp) { + /* don't fall on our sword when reopening */ + return false; + } + + auto fp = std::shared_ptr(nfp, fclose); + nfp = nullptr; + + if (!d_buffered) { + setbuf(fp.get(), 0); + } + + std::atomic_store_explicit(&d_fp, fp, std::memory_order_release); + return true; + } + + std::string d_fname; + std::shared_ptr d_fp{nullptr}; + bool d_verboseOnly{true}; + bool d_includeTimestamp{false}; + bool d_append{false}; + bool d_buffered{true}; +}; + + +class SetDisableValidationAction : public DNSAction +{ +public: + // this action does not stop the processing + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->getHeader()->cd = true; + return Action::None; + } + std::string toString() const override + { + return "set cd=1"; + } +}; + +class SetSkipCacheAction : public DNSAction +{ +public: + // this action does not stop the processing + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->skipCache = true; + return Action::None; + } + std::string toString() const override + { + return "skip cache"; + } +}; + +class SetSkipCacheResponseAction : public DNSResponseAction +{ +public: + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + dr->skipCache = true; + return Action::None; + } + std::string toString() const override + { + return "skip cache"; + } +}; + +class SetTempFailureCacheTTLAction : public DNSAction +{ +public: + // this action does not stop the processing + SetTempFailureCacheTTLAction(uint32_t ttl) : d_ttl(ttl) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->tempFailureTTL = d_ttl; + return Action::None; + } + std::string toString() const override + { + return "set tempfailure cache ttl to "+std::to_string(d_ttl); + } +private: + uint32_t d_ttl; +}; + +class SetECSPrefixLengthAction : public DNSAction +{ +public: + // this action does not stop the processing + SetECSPrefixLengthAction(uint16_t v4Length, uint16_t v6Length) : d_v4PrefixLength(v4Length), d_v6PrefixLength(v6Length) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->ecsPrefixLength = dq->remote->sin4.sin_family == AF_INET ? d_v4PrefixLength : d_v6PrefixLength; + return Action::None; + } + std::string toString() const override + { + return "set ECS prefix length to " + std::to_string(d_v4PrefixLength) + "/" + std::to_string(d_v6PrefixLength); + } +private: + uint16_t d_v4PrefixLength; + uint16_t d_v6PrefixLength; +}; + +class SetECSOverrideAction : public DNSAction +{ +public: + // this action does not stop the processing + SetECSOverrideAction(bool ecsOverride) : d_ecsOverride(ecsOverride) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->ecsOverride = d_ecsOverride; + return Action::None; + } + std::string toString() const override + { + return "set ECS override to " + std::to_string(d_ecsOverride); + } +private: + bool d_ecsOverride; +}; + + +class SetDisableECSAction : public DNSAction +{ +public: + // this action does not stop the processing + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->useECS = false; + return Action::None; + } + std::string toString() const override + { + return "disable ECS"; + } +}; + +class SetECSAction : public DNSAction +{ +public: + // this action does not stop the processing + SetECSAction(const Netmask& v4): d_v4(v4), d_hasV6(false) + { + } + + SetECSAction(const Netmask& v4, const Netmask& v6): d_v4(v4), d_v6(v6), d_hasV6(true) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->ecsSet = true; + + if (d_hasV6) { + dq->ecs = dq->remote->isIPv4() ? d_v4 : d_v6; + } + else { + dq->ecs = d_v4; + } + + return Action::None; + } + + std::string toString() const override + { + std::string result = "set ECS to " + d_v4.toString(); + if (d_hasV6) { + result += " / " + d_v6.toString(); + } + return result; + } + +private: + Netmask d_v4; + Netmask d_v6; + bool d_hasV6; +}; + +static DnstapMessage::ProtocolType ProtocolToDNSTap(dnsdist::Protocol protocol) +{ + if (protocol == dnsdist::Protocol::DoUDP) { + return DnstapMessage::ProtocolType::DoUDP; + } + else if (protocol == dnsdist::Protocol::DoTCP) { + return DnstapMessage::ProtocolType::DoTCP; + } + else if (protocol == dnsdist::Protocol::DoT) { + return DnstapMessage::ProtocolType::DoT; + } + else if (protocol == dnsdist::Protocol::DoH) { + return DnstapMessage::ProtocolType::DoH; + } + else if (protocol == dnsdist::Protocol::DNSCryptUDP) { + return DnstapMessage::ProtocolType::DNSCryptUDP; + } + else if (protocol == dnsdist::Protocol::DNSCryptTCP) { + return DnstapMessage::ProtocolType::DNSCryptTCP; + } + throw std::runtime_error("Unhandled protocol for dnstap: " + protocol.toPrettyString()); +} + +class DnstapLogAction : public DNSAction, public boost::noncopyable +{ +public: + // this action does not stop the processing + DnstapLogAction(const std::string& identity, std::shared_ptr& logger, boost::optional > alterFunc): d_identity(identity), d_logger(logger), d_alterFunc(alterFunc) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + static thread_local std::string data; + data.clear(); + + DnstapMessage::ProtocolType protocol = ProtocolToDNSTap(dq->getProtocol()); + DnstapMessage message(data, !dq->getHeader()->qr ? DnstapMessage::MessageType::client_query : DnstapMessage::MessageType::client_response, d_identity, dq->remote, dq->local, protocol, reinterpret_cast(dq->getData().data()), dq->getData().size(), dq->queryTime, nullptr); + { + if (d_alterFunc) { + auto lock = g_lua.lock(); + (*d_alterFunc)(dq, &message); + } + } + + d_logger->queueData(data); + + return Action::None; + } + std::string toString() const override + { + return "remote log as dnstap to " + (d_logger ? d_logger->toString() : ""); + } +private: + std::string d_identity; + std::shared_ptr d_logger; + boost::optional > d_alterFunc; +}; + +class RemoteLogAction : public DNSAction, public boost::noncopyable +{ +public: + // this action does not stop the processing + RemoteLogAction(std::shared_ptr& logger, boost::optional > alterFunc, const std::string& serverID, const std::string& ipEncryptKey): d_logger(logger), d_alterFunc(alterFunc), d_serverID(serverID), d_ipEncryptKey(ipEncryptKey) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (!dq->uniqueId) { + dq->uniqueId = getUniqueID(); + } + + DNSDistProtoBufMessage message(*dq); + if (!d_serverID.empty()) { + message.setServerIdentity(d_serverID); + } + +#if HAVE_LIBCRYPTO + if (!d_ipEncryptKey.empty()) + { + message.setRequestor(encryptCA(*dq->remote, d_ipEncryptKey)); + } +#endif /* HAVE_LIBCRYPTO */ + + if (d_alterFunc) { + auto lock = g_lua.lock(); + (*d_alterFunc)(dq, &message); + } + + static thread_local std::string data; + data.clear(); + message.serialize(data); + d_logger->queueData(data); + + return Action::None; + } + std::string toString() const override + { + return "remote log to " + (d_logger ? d_logger->toString() : ""); + } +private: + std::shared_ptr d_logger; + boost::optional > d_alterFunc; + std::string d_serverID; + std::string d_ipEncryptKey; +}; + +class SNMPTrapAction : public DNSAction +{ +public: + // this action does not stop the processing + SNMPTrapAction(const std::string& reason): d_reason(reason) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendDNSTrap(*dq, d_reason); + } + + return Action::None; + } + std::string toString() const override + { + return "send SNMP trap"; + } +private: + std::string d_reason; +}; + +class SetTagAction : public DNSAction +{ +public: + // this action does not stop the processing + SetTagAction(const std::string& tag, const std::string& value): d_tag(tag), d_value(value) + { + } + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + dq->setTag(d_tag, d_value); + + return Action::None; + } + std::string toString() const override + { + return "set tag '" + d_tag + "' to value '" + d_value + "'"; + } +private: + std::string d_tag; + std::string d_value; +}; + +class DnstapLogResponseAction : public DNSResponseAction, public boost::noncopyable +{ +public: + // this action does not stop the processing + DnstapLogResponseAction(const std::string& identity, std::shared_ptr& logger, boost::optional > alterFunc): d_identity(identity), d_logger(logger), d_alterFunc(alterFunc) + { + } + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + static thread_local std::string data; + struct timespec now; + gettime(&now, true); + data.clear(); + + DnstapMessage::ProtocolType protocol = ProtocolToDNSTap(dr->getProtocol()); + DnstapMessage message(data, DnstapMessage::MessageType::client_response, d_identity, dr->remote, dr->local, protocol, reinterpret_cast(dr->getData().data()), dr->getData().size(), dr->queryTime, &now); + { + if (d_alterFunc) { + auto lock = g_lua.lock(); + (*d_alterFunc)(dr, &message); + } + } + + d_logger->queueData(data); + + return Action::None; + } + std::string toString() const override + { + return "log response as dnstap to " + (d_logger ? d_logger->toString() : ""); + } +private: + std::string d_identity; + std::shared_ptr d_logger; + boost::optional > d_alterFunc; +}; + +class RemoteLogResponseAction : public DNSResponseAction, public boost::noncopyable +{ +public: + // this action does not stop the processing + RemoteLogResponseAction(std::shared_ptr& logger, boost::optional > alterFunc, const std::string& serverID, const std::string& ipEncryptKey, bool includeCNAME): d_logger(logger), d_alterFunc(alterFunc), d_serverID(serverID), d_ipEncryptKey(ipEncryptKey), d_includeCNAME(includeCNAME) + { + } + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + if (!dr->uniqueId) { + dr->uniqueId = getUniqueID(); + } + + DNSDistProtoBufMessage message(*dr, d_includeCNAME); + if (!d_serverID.empty()) { + message.setServerIdentity(d_serverID); + } + +#if HAVE_LIBCRYPTO + if (!d_ipEncryptKey.empty()) + { + message.setRequestor(encryptCA(*dr->remote, d_ipEncryptKey)); + } +#endif /* HAVE_LIBCRYPTO */ + + if (d_alterFunc) { + auto lock = g_lua.lock(); + (*d_alterFunc)(dr, &message); + } + + static thread_local std::string data; + data.clear(); + message.serialize(data); + d_logger->queueData(data); + + return Action::None; + } + std::string toString() const override + { + return "remote log response to " + (d_logger ? d_logger->toString() : ""); + } +private: + std::shared_ptr d_logger; + boost::optional > d_alterFunc; + std::string d_serverID; + std::string d_ipEncryptKey; + bool d_includeCNAME; +}; + +class DropResponseAction : public DNSResponseAction +{ +public: + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + return Action::Drop; + } + std::string toString() const override + { + return "drop"; + } +}; + +class AllowResponseAction : public DNSResponseAction +{ +public: + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + return Action::Allow; + } + std::string toString() const override + { + return "allow"; + } +}; + +class DelayResponseAction : public DNSResponseAction +{ +public: + DelayResponseAction(int msec) : d_msec(msec) + { + } + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + *ruleresult = std::to_string(d_msec); + return Action::Delay; + } + std::string toString() const override + { + return "delay by "+std::to_string(d_msec)+ " msec"; + } +private: + int d_msec; +}; + +class SNMPTrapResponseAction : public DNSResponseAction +{ +public: + // this action does not stop the processing + SNMPTrapResponseAction(const std::string& reason): d_reason(reason) + { + } + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendDNSTrap(*dr, d_reason); + } + + return Action::None; + } + std::string toString() const override + { + return "send SNMP trap"; + } +private: + std::string d_reason; +}; + +class SetTagResponseAction : public DNSResponseAction +{ +public: + // this action does not stop the processing + SetTagResponseAction(const std::string& tag, const std::string& value): d_tag(tag), d_value(value) + { + } + DNSResponseAction::Action operator()(DNSResponse* dr, std::string* ruleresult) const override + { + dr->setTag(d_tag, d_value); + + return Action::None; + } + std::string toString() const override + { + return "set tag '" + d_tag + "' to value '" + d_value + "'"; + } +private: + std::string d_tag; + std::string d_value; +}; + +class ContinueAction : public DNSAction +{ +public: + // this action does not stop the processing + ContinueAction(std::shared_ptr& action): d_action(action) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (d_action) { + /* call the action */ + auto action = (*d_action)(dq, ruleresult); + bool drop = false; + /* apply the changes if needed (pool selection, flags, etc */ + processRulesResult(action, *dq, *ruleresult, drop); + } + + /* but ignore the resulting action no matter what */ + return Action::None; + } + + std::string toString() const override + { + if (d_action) { + return "continue after: " + (d_action ? d_action->toString() : ""); + } + else { + return "no op"; + } + } + +private: + std::shared_ptr d_action; +}; + +#ifdef HAVE_DNS_OVER_HTTPS +class HTTPStatusAction: public DNSAction +{ +public: + HTTPStatusAction(int code, const PacketBuffer& body, const std::string& contentType): d_body(body), d_contentType(contentType), d_code(code) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (!dq->du) { + return Action::None; + } + + dq->du->setHTTPResponse(d_code, PacketBuffer(d_body), d_contentType); + dq->getHeader()->qr = true; // for good measure + setResponseHeadersFromConfig(*dq->getHeader(), d_responseConfig); + return Action::HeaderModify; + } + + std::string toString() const override + { + return "return an HTTP status of " + std::to_string(d_code); + } + + ResponseConfig d_responseConfig; +private: + PacketBuffer d_body; + std::string d_contentType; + int d_code; +}; +#endif /* HAVE_DNS_OVER_HTTPS */ + +class KeyValueStoreLookupAction : public DNSAction +{ +public: + // this action does not stop the processing + KeyValueStoreLookupAction(std::shared_ptr& kvs, std::shared_ptr& lookupKey, const std::string& destinationTag): d_kvs(kvs), d_key(lookupKey), d_tag(destinationTag) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + std::vector keys = d_key->getKeys(*dq); + std::string result; + for (const auto& key : keys) { + if (d_kvs->getValue(key, result) == true) { + break; + } + } + + dq->setTag(d_tag, std::move(result)); + + return Action::None; + } + + std::string toString() const override + { + return "lookup key-value store based on '" + d_key->toString() + "' and set the result in tag '" + d_tag + "'"; + } + +private: + std::shared_ptr d_kvs; + std::shared_ptr d_key; + std::string d_tag; +}; + +class KeyValueStoreRangeLookupAction : public DNSAction +{ +public: + // this action does not stop the processing + KeyValueStoreRangeLookupAction(std::shared_ptr& kvs, std::shared_ptr& lookupKey, const std::string& destinationTag): d_kvs(kvs), d_key(lookupKey), d_tag(destinationTag) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + std::vector keys = d_key->getKeys(*dq); + std::string result; + for (const auto& key : keys) { + if (d_kvs->getRangeValue(key, result) == true) { + break; + } + } + + dq->setTag(d_tag, std::move(result)); + + return Action::None; + } + + std::string toString() const override + { + return "do a range-based lookup in key-value store based on '" + d_key->toString() + "' and set the result in tag '" + d_tag + "'"; + } + +private: + std::shared_ptr d_kvs; + std::shared_ptr d_key; + std::string d_tag; +}; + +class NegativeAndSOAAction: public DNSAction +{ +public: + NegativeAndSOAAction(bool nxd, const DNSName& zone, uint32_t ttl, const DNSName& mname, const DNSName& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum): d_zone(zone), d_mname(mname), d_rname(rname), d_ttl(ttl), d_serial(serial), d_refresh(refresh), d_retry(retry), d_expire(expire), d_minimum(minimum), d_nxd(nxd) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (!setNegativeAndAdditionalSOA(*dq, d_nxd, d_zone, d_ttl, d_mname, d_rname, d_serial, d_refresh, d_retry, d_expire, d_minimum)) { + return Action::None; + } + + setResponseHeadersFromConfig(*dq->getHeader(), d_responseConfig); + + return Action::Allow; + } + + std::string toString() const override + { + return std::string(d_nxd ? "NXD " : "NODATA") + " with SOA"; + } + + ResponseConfig d_responseConfig; + +private: + DNSName d_zone; + DNSName d_mname; + DNSName d_rname; + uint32_t d_ttl; + uint32_t d_serial; + uint32_t d_refresh; + uint32_t d_retry; + uint32_t d_expire; + uint32_t d_minimum; + bool d_nxd; +}; + +class SetProxyProtocolValuesAction : public DNSAction +{ +public: + // this action does not stop the processing + SetProxyProtocolValuesAction(const std::vector>& values) + { + d_values.reserve(values.size()); + for (const auto& value : values) { + d_values.push_back({value.second, value.first}); + } + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (!dq->proxyProtocolValues) { + dq->proxyProtocolValues = make_unique>(); + } + + *(dq->proxyProtocolValues) = d_values; + + return Action::None; + } + + std::string toString() const override + { + return "set Proxy-Protocol values"; + } + +private: + std::vector d_values; +}; + +class SetAdditionalProxyProtocolValueAction : public DNSAction +{ +public: + // this action does not stop the processing + SetAdditionalProxyProtocolValueAction(uint8_t type, const std::string& value): d_value(value), d_type(type) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, std::string* ruleresult) const override + { + if (!dq->proxyProtocolValues) { + dq->proxyProtocolValues = make_unique>(); + } + + dq->proxyProtocolValues->push_back({ d_value, d_type }); + + return Action::None; + } + + std::string toString() const override + { + return "add a Proxy-Protocol value of type " + std::to_string(d_type); + } + +private: + std::string d_value; + uint8_t d_type; +}; + +template +static void addAction(GlobalStateHolder > *someRuleActions, const luadnsrule_t& var, const std::shared_ptr& action, boost::optional& params) { + setLuaSideEffect(); + + std::string name; + boost::uuids::uuid uuid; + uint64_t creationOrder; + parseRuleParams(params, uuid, name, creationOrder); + + auto rule = makeRule(var); + someRuleActions->modify([&rule, &action, &uuid, creationOrder, &name](vector& ruleactions){ + ruleactions.push_back({std::move(rule), std::move(action), std::move(name), std::move(uuid), creationOrder}); + }); +} + +typedef std::unordered_map > responseParams_t; + +static void parseResponseConfig(boost::optional vars, ResponseConfig& config) +{ + if (vars) { + if (vars->count("ttl")) { + config.ttl = boost::get((*vars)["ttl"]); + } + if (vars->count("aa")) { + config.setAA = boost::get((*vars)["aa"]); + } + if (vars->count("ad")) { + config.setAD = boost::get((*vars)["ad"]); + } + if (vars->count("ra")) { + config.setRA = boost::get((*vars)["ra"]); + } + } +} + +void setResponseHeadersFromConfig(dnsheader& dh, const ResponseConfig& config) +{ + if (config.setAA) { + dh.aa = *config.setAA; + } + if (config.setAD) { + dh.ad = *config.setAD; + } + else { + dh.ad = false; + } + if (config.setRA) { + dh.ra = *config.setRA; + } + else { + dh.ra = dh.rd; // for good measure + } +} + +void setupLuaActions(LuaContext& luaCtx) +{ + luaCtx.writeFunction("newRuleAction", [](luadnsrule_t dnsrule, std::shared_ptr action, boost::optional params) { + boost::uuids::uuid uuid; + uint64_t creationOrder; + std::string name; + parseRuleParams(params, uuid, name, creationOrder); + + auto rule = makeRule(dnsrule); + DNSDistRuleAction ra({std::move(rule), action, std::move(name), uuid, creationOrder}); + return std::make_shared(ra); + }); + + luaCtx.writeFunction("addAction", [](luadnsrule_t var, boost::variant, std::shared_ptr > era, boost::optional params) { + if (era.type() != typeid(std::shared_ptr)) { + throw std::runtime_error("addAction() can only be called with query-related actions, not response-related ones. Are you looking for addResponseAction()?"); + } + + addAction(&g_ruleactions, var, boost::get >(era), params); + }); + + luaCtx.writeFunction("addResponseAction", [](luadnsrule_t var, boost::variant, std::shared_ptr > era, boost::optional params) { + if (era.type() != typeid(std::shared_ptr)) { + throw std::runtime_error("addResponseAction() can only be called with response-related actions, not query-related ones. Are you looking for addAction()?"); + } + + addAction(&g_respruleactions, var, boost::get >(era), params); + }); + + luaCtx.writeFunction("addCacheHitResponseAction", [](luadnsrule_t var, boost::variant, std::shared_ptr> era, boost::optional params) { + if (era.type() != typeid(std::shared_ptr)) { + throw std::runtime_error("addCacheHitResponseAction() can only be called with response-related actions, not query-related ones. Are you looking for addAction()?"); + } + + addAction(&g_cachehitrespruleactions, var, boost::get >(era), params); + }); + + luaCtx.writeFunction("addSelfAnsweredResponseAction", [](luadnsrule_t var, boost::variant, std::shared_ptr> era, boost::optional params) { + if (era.type() != typeid(std::shared_ptr)) { + throw std::runtime_error("addSelfAnsweredResponseAction() can only be called with response-related actions, not query-related ones. Are you looking for addAction()?"); + } + + addAction(&g_selfansweredrespruleactions, var, boost::get >(era), params); + }); + + luaCtx.registerFunction("printStats", [](const DNSAction& ta) { + setLuaNoSideEffect(); + auto stats = ta.getStats(); + for(const auto& s : stats) { + g_outputBuffer+=s.first+"\t"; + if((uint64_t)s.second == s.second) + g_outputBuffer += std::to_string((uint64_t)s.second)+"\n"; + else + g_outputBuffer += std::to_string(s.second)+"\n"; + } + }); + + luaCtx.writeFunction("getAction", [](unsigned int num) { + setLuaNoSideEffect(); + boost::optional> ret; + auto ruleactions = g_ruleactions.getCopy(); + if(num < ruleactions.size()) + ret=ruleactions[num].d_action; + return ret; + }); + + luaCtx.registerFunction("getStats", &DNSAction::getStats); + luaCtx.registerFunction("reload", &DNSAction::reload); + luaCtx.registerFunction("reload", &DNSResponseAction::reload); + + luaCtx.writeFunction("LuaAction", [](LuaAction::func_t func) { + setLuaSideEffect(); + return std::shared_ptr(new LuaAction(func)); + }); + + luaCtx.writeFunction("LuaFFIAction", [](LuaFFIAction::func_t func) { + setLuaSideEffect(); + return std::shared_ptr(new LuaFFIAction(func)); + }); + + luaCtx.writeFunction("LuaFFIPerThreadAction", [](std::string code) { + setLuaSideEffect(); + return std::shared_ptr(new LuaFFIPerThreadAction(code)); + }); + + luaCtx.writeFunction("SetNoRecurseAction", []() { + return std::shared_ptr(new SetNoRecurseAction); + }); + + luaCtx.writeFunction("NoRecurseAction", []() { + warnlog("access to NoRecurseAction is deprecated and will be removed in a future version, please use SetNoRecurseAction instead"); + return std::shared_ptr(new SetNoRecurseAction); + }); + + luaCtx.writeFunction("SetMacAddrAction", [](int code) { + return std::shared_ptr(new SetMacAddrAction(code)); + }); + + luaCtx.writeFunction("SetEDNSOptionAction", [](int code, const std::string& data) { + return std::shared_ptr(new SetEDNSOptionAction(code, data)); + }); + + luaCtx.writeFunction("MacAddrAction", [](int code) { + warnlog("access to MacAddrAction is deprecated and will be removed in a future version, please use SetMacAddrAction instead"); + return std::shared_ptr(new SetMacAddrAction(code)); + }); + + luaCtx.writeFunction("PoolAction", [](const std::string& a) { + return std::shared_ptr(new PoolAction(a)); + }); + + luaCtx.writeFunction("QPSAction", [](int limit) { + return std::shared_ptr(new QPSAction(limit)); + }); + + luaCtx.writeFunction("QPSPoolAction", [](int limit, const std::string& a) { + return std::shared_ptr(new QPSPoolAction(limit, a)); + }); + + luaCtx.writeFunction("SpoofAction", [](boost::variant>> inp, boost::optional vars) { + vector addrs; + if(auto s = boost::get(&inp)) { + addrs.push_back(ComboAddress(*s)); + } else { + const auto& v = boost::get>>(inp); + for(const auto& a: v) { + addrs.push_back(ComboAddress(a.second)); + } + } + + auto ret = std::shared_ptr(new SpoofAction(addrs)); + auto sa = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, sa->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SpoofSVCAction", [](const std::vector>& parameters, boost::optional vars) { + auto ret = std::shared_ptr(new SpoofSVCAction(parameters)); + auto sa = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, sa->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SpoofCNAMEAction", [](const std::string& a, boost::optional vars) { + auto ret = std::shared_ptr(new SpoofAction(DNSName(a))); + auto sa = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, sa->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SpoofRawAction", [](boost::variant>> inp, boost::optional vars) { + vector raws; + if(auto s = boost::get(&inp)) { + raws.push_back(*s); + } else { + const auto& v = boost::get>>(inp); + for(const auto& raw: v) { + raws.push_back(raw.second); + } + } + + auto ret = std::shared_ptr(new SpoofAction(raws)); + auto sa = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, sa->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("DropAction", []() { + return std::shared_ptr(new DropAction); + }); + + luaCtx.writeFunction("AllowAction", []() { + return std::shared_ptr(new AllowAction); + }); + + luaCtx.writeFunction("NoneAction", []() { + return std::shared_ptr(new NoneAction); + }); + + luaCtx.writeFunction("DelayAction", [](int msec) { + return std::shared_ptr(new DelayAction(msec)); + }); + + luaCtx.writeFunction("TCAction", []() { + return std::shared_ptr(new TCAction); + }); + + luaCtx.writeFunction("SetDisableValidationAction", []() { + return std::shared_ptr(new SetDisableValidationAction); + }); + + luaCtx.writeFunction("DisableValidationAction", []() { + warnlog("access to DisableValidationAction is deprecated and will be removed in a future version, please use SetDisableValidationAction instead"); + return std::shared_ptr(new SetDisableValidationAction); + }); + + luaCtx.writeFunction("LogAction", [](boost::optional fname, boost::optional binary, boost::optional append, boost::optional buffered, boost::optional verboseOnly, boost::optional includeTimestamp) { + return std::shared_ptr(new LogAction(fname ? *fname : "", binary ? *binary : true, append ? *append : false, buffered ? *buffered : false, verboseOnly ? *verboseOnly : true, includeTimestamp ? *includeTimestamp : false)); + }); + + luaCtx.writeFunction("LogResponseAction", [](boost::optional fname, boost::optional append, boost::optional buffered, boost::optional verboseOnly, boost::optional includeTimestamp) { + return std::shared_ptr(new LogResponseAction(fname ? *fname : "", append ? *append : false, buffered ? *buffered : false, verboseOnly ? *verboseOnly : true, includeTimestamp ? *includeTimestamp : false)); + }); + + luaCtx.writeFunction("RCodeAction", [](uint8_t rcode, boost::optional vars) { + auto ret = std::shared_ptr(new RCodeAction(rcode)); + auto rca = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, rca->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("ERCodeAction", [](uint8_t rcode, boost::optional vars) { + auto ret = std::shared_ptr(new ERCodeAction(rcode)); + auto erca = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, erca->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SetSkipCacheAction", []() { + return std::shared_ptr(new SetSkipCacheAction); + }); + + luaCtx.writeFunction("SkipCacheAction", []() { + warnlog("access to SkipCacheAction is deprecated and will be removed in a future version, please use SetSkipCacheAction instead"); + return std::shared_ptr(new SetSkipCacheAction); + }); + + luaCtx.writeFunction("SetSkipCacheResponseAction", []() { + return std::shared_ptr(new SetSkipCacheResponseAction); + }); + + luaCtx.writeFunction("SetTempFailureCacheTTLAction", [](int maxTTL) { + return std::shared_ptr(new SetTempFailureCacheTTLAction(maxTTL)); + }); + + luaCtx.writeFunction("TempFailureCacheTTLAction", [](int maxTTL) { + warnlog("access to TempFailureCacheTTLAction is deprecated and will be removed in a future version, please use SetTempFailureCacheTTLAction instead"); + return std::shared_ptr(new SetTempFailureCacheTTLAction(maxTTL)); + }); + + luaCtx.writeFunction("DropResponseAction", []() { + return std::shared_ptr(new DropResponseAction); + }); + + luaCtx.writeFunction("AllowResponseAction", []() { + return std::shared_ptr(new AllowResponseAction); + }); + + luaCtx.writeFunction("DelayResponseAction", [](int msec) { + return std::shared_ptr(new DelayResponseAction(msec)); + }); + + luaCtx.writeFunction("LuaResponseAction", [](LuaResponseAction::func_t func) { + setLuaSideEffect(); + return std::shared_ptr(new LuaResponseAction(func)); + }); + + luaCtx.writeFunction("LuaFFIResponseAction", [](LuaFFIResponseAction::func_t func) { + setLuaSideEffect(); + return std::shared_ptr(new LuaFFIResponseAction(func)); + }); + + luaCtx.writeFunction("LuaFFIPerThreadResponseAction", [](std::string code) { + setLuaSideEffect(); + return std::shared_ptr(new LuaFFIPerThreadResponseAction(code)); + }); + + luaCtx.writeFunction("RemoteLogAction", [](std::shared_ptr logger, boost::optional > alterFunc, boost::optional> vars) { + if (logger) { + // avoids potentially-evaluated-expression warning with clang. + RemoteLoggerInterface& rl = *logger.get(); + if (typeid(rl) != typeid(RemoteLogger)) { + // We could let the user do what he wants, but wrapping PowerDNS Protobuf inside a FrameStream tagged as dnstap is logically wrong. + throw std::runtime_error(std::string("RemoteLogAction only takes RemoteLogger. For other types, please look at DnstapLogAction.")); + } + } + + std::string serverID; + std::string ipEncryptKey; + if (vars) { + if (vars->count("serverID")) { + serverID = boost::get((*vars)["serverID"]); + } + if (vars->count("ipEncryptKey")) { + ipEncryptKey = boost::get((*vars)["ipEncryptKey"]); + } + } + + return std::shared_ptr(new RemoteLogAction(logger, alterFunc, serverID, ipEncryptKey)); + }); + + luaCtx.writeFunction("RemoteLogResponseAction", [](std::shared_ptr logger, boost::optional > alterFunc, boost::optional includeCNAME, boost::optional> vars) { + if (logger) { + // avoids potentially-evaluated-expression warning with clang. + RemoteLoggerInterface& rl = *logger.get(); + if (typeid(rl) != typeid(RemoteLogger)) { + // We could let the user do what he wants, but wrapping PowerDNS Protobuf inside a FrameStream tagged as dnstap is logically wrong. + throw std::runtime_error("RemoteLogResponseAction only takes RemoteLogger. For other types, please look at DnstapLogResponseAction."); + } + } + + std::string serverID; + std::string ipEncryptKey; + if (vars) { + if (vars->count("serverID")) { + serverID = boost::get((*vars)["serverID"]); + } + if (vars->count("ipEncryptKey")) { + ipEncryptKey = boost::get((*vars)["ipEncryptKey"]); + } + } + + return std::shared_ptr(new RemoteLogResponseAction(logger, alterFunc, serverID, ipEncryptKey, includeCNAME ? *includeCNAME : false)); + }); + + luaCtx.writeFunction("DnstapLogAction", [](const std::string& identity, std::shared_ptr logger, boost::optional > alterFunc) { + return std::shared_ptr(new DnstapLogAction(identity, logger, alterFunc)); + }); + + luaCtx.writeFunction("DnstapLogResponseAction", [](const std::string& identity, std::shared_ptr logger, boost::optional > alterFunc) { + return std::shared_ptr(new DnstapLogResponseAction(identity, logger, alterFunc)); + }); + + luaCtx.writeFunction("TeeAction", [](const std::string& remote, boost::optional addECS) { + return std::shared_ptr(new TeeAction(ComboAddress(remote, 53), addECS ? *addECS : false)); + }); + + luaCtx.writeFunction("SetECSPrefixLengthAction", [](uint16_t v4PrefixLength, uint16_t v6PrefixLength) { + return std::shared_ptr(new SetECSPrefixLengthAction(v4PrefixLength, v6PrefixLength)); + }); + + luaCtx.writeFunction("ECSPrefixLengthAction", [](uint16_t v4PrefixLength, uint16_t v6PrefixLength) { + warnlog("access to ECSPrefixLengthAction is deprecated and will be removed in a future version, please use SetECSPrefixLengthAction instead"); + return std::shared_ptr(new SetECSPrefixLengthAction(v4PrefixLength, v6PrefixLength)); + }); + + luaCtx.writeFunction("SetECSOverrideAction", [](bool ecsOverride) { + return std::shared_ptr(new SetECSOverrideAction(ecsOverride)); + }); + + luaCtx.writeFunction("ECSOverrideAction", [](bool ecsOverride) { + warnlog("access to ECSOverrideAction is deprecated and will be removed in a future version, please use SetECSOverrideAction instead"); + return std::shared_ptr(new SetECSOverrideAction(ecsOverride)); + }); + + luaCtx.writeFunction("SetDisableECSAction", []() { + return std::shared_ptr(new SetDisableECSAction()); + }); + + luaCtx.writeFunction("DisableECSAction", []() { + warnlog("access to DisableECSAction is deprecated and will be removed in a future version, please use SetDisableECSAction instead"); + return std::shared_ptr(new SetDisableECSAction()); + }); + + luaCtx.writeFunction("SetECSAction", [](const std::string v4, boost::optional v6) { + if (v6) { + return std::shared_ptr(new SetECSAction(Netmask(v4), Netmask(*v6))); + } + return std::shared_ptr(new SetECSAction(Netmask(v4))); + }); + + luaCtx.writeFunction("SNMPTrapAction", [](boost::optional reason) { +#ifdef HAVE_NET_SNMP + return std::shared_ptr(new SNMPTrapAction(reason ? *reason : "")); +#else + throw std::runtime_error("NET SNMP support is required to use SNMPTrapAction()"); +#endif /* HAVE_NET_SNMP */ + }); + + luaCtx.writeFunction("SNMPTrapResponseAction", [](boost::optional reason) { +#ifdef HAVE_NET_SNMP + return std::shared_ptr(new SNMPTrapResponseAction(reason ? *reason : "")); +#else + throw std::runtime_error("NET SNMP support is required to use SNMPTrapResponseAction()"); +#endif /* HAVE_NET_SNMP */ + }); + + luaCtx.writeFunction("SetTagAction", [](std::string tag, std::string value) { + return std::shared_ptr(new SetTagAction(tag, value)); + }); + + luaCtx.writeFunction("TagAction", [](std::string tag, std::string value) { + warnlog("access to TagAction is deprecated and will be removed in a future version, please use SetTagAction instead"); + return std::shared_ptr(new SetTagAction(tag, value)); + }); + + luaCtx.writeFunction("SetTagResponseAction", [](std::string tag, std::string value) { + return std::shared_ptr(new SetTagResponseAction(tag, value)); + }); + + luaCtx.writeFunction("TagResponseAction", [](std::string tag, std::string value) { + warnlog("access to TagResponseAction is deprecated and will be removed in a future version, please use SetTagResponseAction instead"); + return std::shared_ptr(new SetTagResponseAction(tag, value)); + }); + + luaCtx.writeFunction("ContinueAction", [](std::shared_ptr action) { + return std::shared_ptr(new ContinueAction(action)); + }); + +#ifdef HAVE_DNS_OVER_HTTPS + luaCtx.writeFunction("HTTPStatusAction", [](uint16_t status, std::string body, boost::optional contentType, boost::optional vars) { + auto ret = std::shared_ptr(new HTTPStatusAction(status, PacketBuffer(body.begin(), body.end()), contentType ? *contentType : "")); + auto hsa = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, hsa->d_responseConfig); + return ret; + }); +#endif /* HAVE_DNS_OVER_HTTPS */ + + luaCtx.writeFunction("KeyValueStoreLookupAction", [](std::shared_ptr& kvs, std::shared_ptr& lookupKey, const std::string& destinationTag) { + return std::shared_ptr(new KeyValueStoreLookupAction(kvs, lookupKey, destinationTag)); + }); + + luaCtx.writeFunction("KeyValueStoreRangeLookupAction", [](std::shared_ptr& kvs, std::shared_ptr& lookupKey, const std::string& destinationTag) { + return std::shared_ptr(new KeyValueStoreRangeLookupAction(kvs, lookupKey, destinationTag)); + }); + + luaCtx.writeFunction("NegativeAndSOAAction", [](bool nxd, const std::string& zone, uint32_t ttl, const std::string& mname, const std::string& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum, boost::optional vars) { + auto ret = std::shared_ptr(new NegativeAndSOAAction(nxd, DNSName(zone), ttl, DNSName(mname), DNSName(rname), serial, refresh, retry, expire, minimum)); + auto action = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, action->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SetNegativeAndSOAAction", [](bool nxd, const std::string& zone, uint32_t ttl, const std::string& mname, const std::string& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum, boost::optional vars) { + warnlog("access to SetNegativeAndSOAAction is deprecated and will be removed in a future version, please use NegativeAndSOAAction instead"); + auto ret = std::shared_ptr(new NegativeAndSOAAction(nxd, DNSName(zone), ttl, DNSName(mname), DNSName(rname), serial, refresh, retry, expire, minimum)); + auto action = std::dynamic_pointer_cast(ret); + parseResponseConfig(vars, action->d_responseConfig); + return ret; + }); + + luaCtx.writeFunction("SetProxyProtocolValuesAction", [](const std::vector>& values) { + return std::shared_ptr(new SetProxyProtocolValuesAction(values)); + }); + + luaCtx.writeFunction("SetAdditionalProxyProtocolValueAction", [](uint8_t type, const std::string& value) { + return std::shared_ptr(new SetAdditionalProxyProtocolValueAction(type, value)); + }); +} diff --git a/dnsdist-lua-bindings-dnscrypt.cc b/dnsdist-lua-bindings-dnscrypt.cc new file mode 100644 index 0000000..9ea3fc8 --- /dev/null +++ b/dnsdist-lua-bindings-dnscrypt.cc @@ -0,0 +1,155 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" +#include "dnsdist.hh" +#include "dnsdist-lua.hh" + +#include "dolog.hh" + +void setupLuaBindingsDNSCrypt(LuaContext& luaCtx) +{ +#ifdef HAVE_DNSCRYPT + /* DNSCryptContext bindings */ + luaCtx.registerFunction("getProviderName", [](const DNSCryptContext& ctx) { return ctx.getProviderName().toStringNoDot(); }); + luaCtx.registerFunction("markActive", &DNSCryptContext::markActive); + luaCtx.registerFunction("markInactive", &DNSCryptContext::markInactive); + luaCtx.registerFunction("reloadCertificates", &DNSCryptContext::reloadCertificates); + luaCtx.registerFunction("removeInactiveCertificate", &DNSCryptContext::removeInactiveCertificate); + luaCtx.registerFunction::*)(const std::string& certFile, const std::string& keyFile, boost::optional active)>("loadNewCertificate", [](std::shared_ptr ctx, const std::string& certFile, const std::string& keyFile, boost::optional active) { + + if (ctx == nullptr) { + throw std::runtime_error("DNSCryptContext::loadNewCertificate() called on a nil value"); + } + + ctx->loadNewCertificate(certFile, keyFile, active ? *active : true); + }); + luaCtx.registerFunction::*)(const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, boost::optional active)>("addNewCertificate", [](std::shared_ptr ctx, const DNSCryptCert& newCert, const DNSCryptPrivateKey& newKey, boost::optional active) { + + if (ctx == nullptr) { + throw std::runtime_error("DNSCryptContext::addNewCertificate() called on a nil value"); + } + + ctx->addNewCertificate(newCert, newKey, active ? *active : true); + }); + luaCtx.registerFunction>(std::shared_ptr::*)()>("getCertificatePairs", [](std::shared_ptr ctx) { + std::map> result; + + if (ctx != nullptr) { + size_t idx = 1; + for (auto pair : ctx->getCertificates()) { + result[idx++] = pair; + } + } + + return result; + }); + + luaCtx.registerFunction(std::shared_ptr::*)(size_t idx)>("getCertificatePair", [](std::shared_ptr ctx, size_t idx) { + + if (ctx == nullptr) { + throw std::runtime_error("DNSCryptContext::getCertificatePair() called on a nil value"); + } + + std::shared_ptr result = nullptr; + auto pairs = ctx->getCertificates(); + if (idx < pairs.size()) { + result = pairs.at(idx); + } + + return result; + }); + + luaCtx.registerFunction::*)(size_t idx)>("getCertificate", [](std::shared_ptr ctx, size_t idx) { + + if (ctx == nullptr) { + throw std::runtime_error("DNSCryptContext::getCertificate() called on a nil value"); + } + + auto pairs = ctx->getCertificates(); + if (idx < pairs.size()) { + return pairs.at(idx)->cert; + } + + throw std::runtime_error("This DNSCrypt context has no certificate at index " + std::to_string(idx)); + }); + + luaCtx.registerFunction::*)()const>("printCertificates", [](const std::shared_ptr ctx) { + ostringstream ret; + + if (ctx != nullptr) { + size_t idx = 1; + boost::format fmt("%1$-3d %|5t|%2$-8d %|10t|%3$-7d %|20t|%4$-21.21s %|41t|%5$-21.21s"); + ret << (fmt % "#" % "Serial" % "Version" % "From" % "To" ) << endl; + + for (auto pair : ctx->getCertificates()) { + const auto cert = pair->cert; + const DNSCryptExchangeVersion version = DNSCryptContext::getExchangeVersion(cert); + + ret << (fmt % idx % cert.getSerial() % (version == DNSCryptExchangeVersion::VERSION1 ? 1 : 2) % DNSCryptContext::certificateDateToStr(cert.getTSStart()) % DNSCryptContext::certificateDateToStr(cert.getTSEnd())) << endl; + } + } + + return ret.str(); + }); + + luaCtx.registerFunction version)>("generateAndLoadInMemoryCertificate", [](DNSCryptContext& ctx, const std::string& providerPrivateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional version) { + DNSCryptPrivateKey privateKey; + DNSCryptCert cert; + + try { + if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) { + ctx.addNewCertificate(cert, privateKey); + } + } + catch(const std::exception& e) { + errlog(e.what()); + g_outputBuffer="Error: "+string(e.what())+"\n"; + } + }); + + /* DNSCryptCertificatePair */ + luaCtx.registerFunction::*)()const>("getCertificate", [](const std::shared_ptr pair) { + if (pair == nullptr) { + throw std::runtime_error("DNSCryptCertificatePair::getCertificate() called on a nil value"); + } + return pair->cert; + }); + luaCtx.registerFunction::*)()const>("isActive", [](const std::shared_ptr pair) { + if (pair == nullptr) { + throw std::runtime_error("DNSCryptCertificatePair::isActive() called on a nil value"); + } + return pair->active; + }); + + /* DNSCryptCert */ + luaCtx.registerFunction("getMagic", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.magic), sizeof(cert.magic)); }); + luaCtx.registerFunction("getEsVersion", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.esVersion), sizeof(cert.esVersion)); }); + luaCtx.registerFunction("getProtocolMinorVersion", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.protocolMinorVersion), sizeof(cert.protocolMinorVersion)); }); + luaCtx.registerFunction("getSignature", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.signature), sizeof(cert.signature)); }); + luaCtx.registerFunction("getResolverPublicKey", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.signedData.resolverPK), sizeof(cert.signedData.resolverPK)); }); + luaCtx.registerFunction("getClientMagic", [](const DNSCryptCert& cert) { return std::string(reinterpret_cast(cert.signedData.clientMagic), sizeof(cert.signedData.clientMagic)); }); + luaCtx.registerFunction("getSerial", [](const DNSCryptCert& cert) { return cert.getSerial(); }); + luaCtx.registerFunction("getTSStart", [](const DNSCryptCert& cert) { return ntohl(cert.getTSStart()); }); + luaCtx.registerFunction("getTSEnd", [](const DNSCryptCert& cert) { return ntohl(cert.getTSEnd()); }); +#endif +} diff --git a/dnsdist-lua-bindings-dnsquestion.cc b/dnsdist-lua-bindings-dnsquestion.cc new file mode 100644 index 0000000..492f188 --- /dev/null +++ b/dnsdist-lua-bindings-dnsquestion.cc @@ -0,0 +1,305 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist.hh" +#include "dnsdist-ecs.hh" +#include "dnsdist-lua.hh" +#include "dnsparser.hh" + +void setupLuaBindingsDNSQuestion(LuaContext& luaCtx) +{ + /* DNSQuestion */ + /* PowerDNS DNSQuestion compat */ + luaCtx.registerMember("localaddr", [](const DNSQuestion& dq) -> const ComboAddress { return *dq.local; }, [](DNSQuestion& dq, const ComboAddress newLocal) { (void) newLocal; }); + luaCtx.registerMember("qname", [](const DNSQuestion& dq) -> const DNSName { return *dq.qname; }, [](DNSQuestion& dq, const DNSName newName) { (void) newName; }); + luaCtx.registerMember("qtype", [](const DNSQuestion& dq) -> uint16_t { return dq.qtype; }, [](DNSQuestion& dq, uint16_t newType) { (void) newType; }); + luaCtx.registerMember("qclass", [](const DNSQuestion& dq) -> uint16_t { return dq.qclass; }, [](DNSQuestion& dq, uint16_t newClass) { (void) newClass; }); + luaCtx.registerMember("rcode", [](const DNSQuestion& dq) -> int { return dq.getHeader()->rcode; }, [](DNSQuestion& dq, int newRCode) { dq.getHeader()->rcode = newRCode; }); + luaCtx.registerMember("remoteaddr", [](const DNSQuestion& dq) -> const ComboAddress { return *dq.remote; }, [](DNSQuestion& dq, const ComboAddress newRemote) { (void) newRemote; }); + /* DNSDist DNSQuestion */ + luaCtx.registerMember("dh", [](const DNSQuestion& dq) -> dnsheader* { return const_cast(dq).getHeader(); }, [](DNSQuestion& dq, const dnsheader* dh) { *(dq.getHeader()) = *dh; }); + luaCtx.registerMember("len", [](const DNSQuestion& dq) -> uint16_t { return dq.getData().size(); }, [](DNSQuestion& dq, uint16_t newlen) { dq.getMutableData().resize(newlen); }); + luaCtx.registerMember("opcode", [](const DNSQuestion& dq) -> uint8_t { return dq.getHeader()->opcode; }, [](DNSQuestion& dq, uint8_t newOpcode) { (void) newOpcode; }); + luaCtx.registerMember("tcp", [](const DNSQuestion& dq) -> bool { return dq.overTCP(); }, [](DNSQuestion& dq, bool newTcp) { (void) newTcp; }); + luaCtx.registerMember("skipCache", [](const DNSQuestion& dq) -> bool { return dq.skipCache; }, [](DNSQuestion& dq, bool newSkipCache) { dq.skipCache = newSkipCache; }); + luaCtx.registerMember("useECS", [](const DNSQuestion& dq) -> bool { return dq.useECS; }, [](DNSQuestion& dq, bool useECS) { dq.useECS = useECS; }); + luaCtx.registerMember("ecsOverride", [](const DNSQuestion& dq) -> bool { return dq.ecsOverride; }, [](DNSQuestion& dq, bool ecsOverride) { dq.ecsOverride = ecsOverride; }); + luaCtx.registerMember("ecsPrefixLength", [](const DNSQuestion& dq) -> uint16_t { return dq.ecsPrefixLength; }, [](DNSQuestion& dq, uint16_t newPrefixLength) { dq.ecsPrefixLength = newPrefixLength; }); + luaCtx.registerMember (DNSQuestion::*)>("tempFailureTTL", + [](const DNSQuestion& dq) -> boost::optional { + return dq.tempFailureTTL; + }, + [](DNSQuestion& dq, boost::optional newValue) { + dq.tempFailureTTL = newValue; + } + ); + luaCtx.registerFunction("getDO", [](const DNSQuestion& dq) { + return getEDNSZ(dq) & EDNS_HEADER_FLAG_DO; + }); + luaCtx.registerFunction("getContent", [](const DNSQuestion& dq) { + return std::string(reinterpret_cast(dq.getData().data()), dq.getData().size()); + }); + luaCtx.registerFunction(DNSQuestion::*)()const>("getEDNSOptions", [](const DNSQuestion& dq) { + if (dq.ednsOptions == nullptr) { + parseEDNSOptions(dq); + } + + return *dq.ednsOptions; + }); + luaCtx.registerFunction("getTrailingData", [](const DNSQuestion& dq) { + return dq.getTrailingData(); + }); + luaCtx.registerFunction("setTrailingData", [](DNSQuestion& dq, const std::string& tail) { + return dq.setTrailingData(tail); + }); + + luaCtx.registerFunction("getServerNameIndication", [](const DNSQuestion& dq) { + return dq.sni; + }); + + luaCtx.registerFunction("getProtocol", [](const DNSQuestion& dq) { + return dq.getProtocol().toPrettyString(); + }); + + luaCtx.registerFunction("sendTrap", [](const DNSQuestion& dq, boost::optional reason) { +#ifdef HAVE_NET_SNMP + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendDNSTrap(dq, reason ? *reason : ""); + } +#endif /* HAVE_NET_SNMP */ + }); + + luaCtx.registerFunction("setTag", [](DNSQuestion& dq, const std::string& strLabel, const std::string& strValue) { + dq.setTag(strLabel, strValue); + }); + luaCtx.registerFunction>)>("setTagArray", [](DNSQuestion& dq, const vector>&tags) { + for (const auto& tag : tags) { + dq.setTag(tag.first, tag.second); + } + }); + luaCtx.registerFunction("getTag", [](const DNSQuestion& dq, const std::string& strLabel) { + if (!dq.qTag) { + return string(); + } + + std::string strValue; + const auto it = dq.qTag->find(strLabel); + if (it == dq.qTag->cend()) { + return string(); + } + return it->second; + }); + luaCtx.registerFunction("getTagArray", [](const DNSQuestion& dq) { + if (!dq.qTag) { + QTag empty; + return empty; + } + + return *dq.qTag; + }); + + luaCtx.registerFunction>)>("setProxyProtocolValues", [](DNSQuestion& dq, const std::vector>& values) { + if (!dq.proxyProtocolValues) { + dq.proxyProtocolValues = make_unique>(); + } + + dq.proxyProtocolValues->clear(); + dq.proxyProtocolValues->reserve(values.size()); + for (const auto& value : values) { + dq.proxyProtocolValues->push_back({value.second, value.first}); + } + }); + + luaCtx.registerFunction("addProxyProtocolValue", [](DNSQuestion& dq, uint8_t type, std::string value) { + if (!dq.proxyProtocolValues) { + dq.proxyProtocolValues = make_unique>(); + } + + dq.proxyProtocolValues->push_back({value, type}); + }); + + luaCtx.registerFunction>(DNSQuestion::*)()>("getProxyProtocolValues", [](const DNSQuestion& dq) { + if (!dq.proxyProtocolValues) { + return std::vector>(); + } + + std::vector> result; + result.resize(dq.proxyProtocolValues->size()); + for (const auto& value : *dq.proxyProtocolValues) { + result.push_back({ value.type, value.content }); + } + + return result; + }); + + luaCtx.registerFunction>, std::vector>>& response)>("spoof", [](DNSQuestion& dq, const boost::variant>, std::vector>>& response) { + if (response.type() == typeid(vector>)) { + std::vector data; + auto responses = boost::get>>(response); + data.reserve(responses.size()); + for (const auto& resp : responses) { + data.push_back(resp.second); + } + std::string result; + SpoofAction sa(data); + sa(&dq, &result); + return; + } + if (response.type() == typeid(vector>)) { + std::vector data; + auto responses = boost::get>>(response); + data.reserve(responses.size()); + for (const auto& resp : responses) { + data.push_back(resp.second); + } + std::string result; + SpoofAction sa(data); + sa(&dq, &result); + return; + } + }); + + /* LuaWrapper doesn't support inheritance */ + luaCtx.registerMember("localaddr", [](const DNSResponse& dq) -> const ComboAddress { return *dq.local; }, [](DNSResponse& dq, const ComboAddress newLocal) { (void) newLocal; }); + luaCtx.registerMember("qname", [](const DNSResponse& dq) -> const DNSName { return *dq.qname; }, [](DNSResponse& dq, const DNSName newName) { (void) newName; }); + luaCtx.registerMember("qtype", [](const DNSResponse& dq) -> uint16_t { return dq.qtype; }, [](DNSResponse& dq, uint16_t newType) { (void) newType; }); + luaCtx.registerMember("qclass", [](const DNSResponse& dq) -> uint16_t { return dq.qclass; }, [](DNSResponse& dq, uint16_t newClass) { (void) newClass; }); + luaCtx.registerMember("rcode", [](const DNSResponse& dq) -> int { return dq.getHeader()->rcode; }, [](DNSResponse& dq, int newRCode) { dq.getHeader()->rcode = newRCode; }); + luaCtx.registerMember("remoteaddr", [](const DNSResponse& dq) -> const ComboAddress { return *dq.remote; }, [](DNSResponse& dq, const ComboAddress newRemote) { (void) newRemote; }); + luaCtx.registerMember("dh", [](const DNSResponse& dr) -> dnsheader* { return const_cast(dr).getHeader(); }, [](DNSResponse& dr, const dnsheader* dh) { *(dr.getHeader()) = *dh; }); + luaCtx.registerMember("len", [](const DNSResponse& dq) -> uint16_t { return dq.getData().size(); }, [](DNSResponse& dq, uint16_t newlen) { dq.getMutableData().resize(newlen); }); + luaCtx.registerMember("opcode", [](const DNSResponse& dq) -> uint8_t { return dq.getHeader()->opcode; }, [](DNSResponse& dq, uint8_t newOpcode) { (void) newOpcode; }); + luaCtx.registerMember("tcp", [](const DNSResponse& dq) -> bool { return dq.overTCP(); }, [](DNSResponse& dq, bool newTcp) { (void) newTcp; }); + luaCtx.registerMember("skipCache", [](const DNSResponse& dq) -> bool { return dq.skipCache; }, [](DNSResponse& dq, bool newSkipCache) { dq.skipCache = newSkipCache; }); + luaCtx.registerFunction editFunc)>("editTTLs", [](DNSResponse& dr, std::function editFunc) { + editDNSPacketTTL(reinterpret_cast(dr.getMutableData().data()), dr.getData().size(), editFunc); + }); + luaCtx.registerFunction("getDO", [](const DNSResponse& dq) { + return getEDNSZ(dq) & EDNS_HEADER_FLAG_DO; + }); + luaCtx.registerFunction("getContent", [](const DNSResponse& dq) { + return std::string(reinterpret_cast(dq.getData().data()), dq.getData().size()); + }); + luaCtx.registerFunction(DNSResponse::*)()const>("getEDNSOptions", [](const DNSResponse& dq) { + if (dq.ednsOptions == nullptr) { + parseEDNSOptions(dq); + } + + return *dq.ednsOptions; + }); + luaCtx.registerFunction("getTrailingData", [](const DNSResponse& dq) { + return dq.getTrailingData(); + }); + luaCtx.registerFunction("setTrailingData", [](DNSResponse& dq, const std::string& tail) { + return dq.setTrailingData(tail); + }); + + luaCtx.registerFunction("setTag", [](DNSResponse& dr, const std::string& strLabel, const std::string& strValue) { + dr.setTag(strLabel, strValue); + }); + + luaCtx.registerFunction>)>("setTagArray", [](DNSResponse& dr, const vector>&tags) { + for (const auto& tag : tags) { + dr.setTag(tag.first, tag.second); + } + }); + luaCtx.registerFunction("getTag", [](const DNSResponse& dr, const std::string& strLabel) { + if (!dr.qTag) { + return string(); + } + + std::string strValue; + const auto it = dr.qTag->find(strLabel); + if (it == dr.qTag->cend()) { + return string(); + } + return it->second; + }); + luaCtx.registerFunction("getTagArray", [](const DNSResponse& dr) { + if (!dr.qTag) { + QTag empty; + return empty; + } + + return *dr.qTag; + }); + + luaCtx.registerFunction("getProtocol", [](const DNSResponse& dr) { + return dr.getProtocol().toPrettyString(); + }); + + luaCtx.registerFunction("sendTrap", [](const DNSResponse& dr, boost::optional reason) { +#ifdef HAVE_NET_SNMP + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendDNSTrap(dr, reason ? *reason : ""); + } +#endif /* HAVE_NET_SNMP */ + }); + +#ifdef HAVE_DNS_OVER_HTTPS + luaCtx.registerFunction("getHTTPPath", [](const DNSQuestion& dq) { + if (dq.du == nullptr) { + return std::string(); + } + return dq.du->getHTTPPath(); + }); + + luaCtx.registerFunction("getHTTPQueryString", [](const DNSQuestion& dq) { + if (dq.du == nullptr) { + return std::string(); + } + return dq.du->getHTTPQueryString(); + }); + + luaCtx.registerFunction("getHTTPHost", [](const DNSQuestion& dq) { + if (dq.du == nullptr) { + return std::string(); + } + return dq.du->getHTTPHost(); + }); + + luaCtx.registerFunction("getHTTPScheme", [](const DNSQuestion& dq) { + if (dq.du == nullptr) { + return std::string(); + } + return dq.du->getHTTPScheme(); + }); + + luaCtx.registerFunction(DNSQuestion::*)(void)const>("getHTTPHeaders", [](const DNSQuestion& dq) { + if (dq.du == nullptr) { + return std::unordered_map(); + } + return dq.du->getHTTPHeaders(); + }); + + luaCtx.registerFunction contentType)>("setHTTPResponse", [](DNSQuestion& dq, uint16_t statusCode, const std::string& body, const boost::optional contentType) { + if (dq.du == nullptr) { + return; + } + PacketBuffer vect(body.begin(), body.end()); + dq.du->setHTTPResponse(statusCode, std::move(vect), contentType ? *contentType : ""); + }); +#endif /* HAVE_DNS_OVER_HTTPS */ + + luaCtx.registerFunction("setNegativeAndAdditionalSOA", [](DNSQuestion& dq, bool nxd, const std::string& zone, uint32_t ttl, const std::string& mname, const std::string& rname, uint32_t serial, uint32_t refresh, uint32_t retry, uint32_t expire, uint32_t minimum) { + return setNegativeAndAdditionalSOA(dq, nxd, DNSName(zone), ttl, DNSName(mname), DNSName(rname), serial, refresh, retry, expire, minimum); + }); +} diff --git a/dnsdist-lua-bindings-kvs.cc b/dnsdist-lua-bindings-kvs.cc new file mode 100644 index 0000000..b1e0c0f --- /dev/null +++ b/dnsdist-lua-bindings-kvs.cc @@ -0,0 +1,115 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist.hh" +#include "dnsdist-kvs.hh" +#include "dnsdist-lua.hh" + +void setupLuaBindingsKVS(LuaContext& luaCtx, bool client) +{ + /* Key Value Store objects */ + luaCtx.writeFunction("KeyValueLookupKeySourceIP", [](boost::optional v4Mask, boost::optional v6Mask, boost::optional includePort) { + return std::shared_ptr(new KeyValueLookupKeySourceIP(v4Mask.get_value_or(32), v6Mask.get_value_or(128), includePort.get_value_or(false))); + }); + luaCtx.writeFunction("KeyValueLookupKeyQName", [](boost::optional wireFormat) { + return std::shared_ptr(new KeyValueLookupKeyQName(wireFormat ? *wireFormat : true)); + }); + luaCtx.writeFunction("KeyValueLookupKeySuffix", [](boost::optional minLabels, boost::optional wireFormat) { + return std::shared_ptr(new KeyValueLookupKeySuffix(minLabels ? *minLabels : 0, wireFormat ? *wireFormat : true)); + }); + luaCtx.writeFunction("KeyValueLookupKeyTag", [](const std::string& tag) { + return std::shared_ptr(new KeyValueLookupKeyTag(tag)); + }); + +#ifdef HAVE_LMDB + luaCtx.writeFunction("newLMDBKVStore", [client](const std::string& fname, const std::string& dbName, boost::optional noLock) { + if (client) { + return std::shared_ptr(nullptr); + } + return std::shared_ptr(new LMDBKVStore(fname, dbName, noLock.get_value_or(false))); + }); +#endif /* HAVE_LMDB */ + +#ifdef HAVE_CDB + luaCtx.writeFunction("newCDBKVStore", [client](const std::string& fname, time_t refreshDelay) { + if (client) { + return std::shared_ptr(nullptr); + } + return std::shared_ptr(new CDBKVStore(fname, refreshDelay)); + }); +#endif /* HAVE_CDB */ + + luaCtx.registerFunction::*)(const boost::variant, boost::optional wireFormat)>("lookup", [](std::shared_ptr& kvs, const boost::variant keyVar, boost::optional wireFormat) { + std::string result; + if (!kvs) { + return result; + } + + if (keyVar.type() == typeid(ComboAddress)) { + const auto ca = boost::get(&keyVar); + KeyValueLookupKeySourceIP lookup(32, 128, false); + for (const auto& key : lookup.getKeys(*ca)) { + if (kvs->getValue(key, result)) { + return result; + } + } + } + else if (keyVar.type() == typeid(DNSName)) { + const DNSName* dn = boost::get(&keyVar); + KeyValueLookupKeyQName lookup(wireFormat ? *wireFormat : true); + for (const auto& key : lookup.getKeys(*dn)) { + if (kvs->getValue(key, result)) { + return result; + } + } + } + else if (keyVar.type() == typeid(std::string)) { + const std::string* keyStr = boost::get(&keyVar); + kvs->getValue(*keyStr, result); + } + + return result; + }); + + luaCtx.registerFunction::*)(const DNSName&, boost::optional minLabels, boost::optional wireFormat)>("lookupSuffix", [](std::shared_ptr& kvs, const DNSName& dn, boost::optional minLabels, boost::optional wireFormat) { + std::string result; + if (!kvs) { + return result; + } + + KeyValueLookupKeySuffix lookup(minLabels ? *minLabels : 0, wireFormat ? *wireFormat : true); + for (const auto& key : lookup.getKeys(dn)) { + if (kvs->getValue(key, result)) { + return result; + } + } + + return result; + }); + + luaCtx.registerFunction::*)()>("reload", [](std::shared_ptr& kvs) { + if (!kvs) { + return false; + } + + return kvs->reload(); + }); +} diff --git a/dnsdist-lua-bindings-packetcache.cc b/dnsdist-lua-bindings-packetcache.cc new file mode 100644 index 0000000..086fb5d --- /dev/null +++ b/dnsdist-lua-bindings-packetcache.cc @@ -0,0 +1,220 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include +#include +#include + +#include "config.h" +#include "dolog.hh" +#include "dnsdist.hh" +#include "dnsdist-lua.hh" + +#include + +void setupLuaBindingsPacketCache(LuaContext& luaCtx, bool client) +{ + /* PacketCache */ + luaCtx.writeFunction("newPacketCache", [client](size_t maxEntries, boost::optional>>>> vars) { + + bool keepStaleData = false; + size_t maxTTL = 86400; + size_t minTTL = 0; + size_t tempFailTTL = 60; + size_t maxNegativeTTL = 3600; + size_t staleTTL = 60; + size_t numberOfShards = 20; + bool dontAge = false; + bool deferrableInsertLock = true; + bool ecsParsing = false; + std::unordered_set optionsToSkip{EDNSOptionCode::COOKIE}; + + if (vars) { + + if (vars->count("deferrableInsertLock")) { + deferrableInsertLock = boost::get((*vars)["deferrableInsertLock"]); + } + + if (vars->count("dontAge")) { + dontAge = boost::get((*vars)["dontAge"]); + } + + if (vars->count("keepStaleData")) { + keepStaleData = boost::get((*vars)["keepStaleData"]); + } + + if (vars->count("maxNegativeTTL")) { + maxNegativeTTL = boost::get((*vars)["maxNegativeTTL"]); + } + + if (vars->count("maxTTL")) { + maxTTL = boost::get((*vars)["maxTTL"]); + } + + if (vars->count("minTTL")) { + minTTL = boost::get((*vars)["minTTL"]); + } + + if (vars->count("numberOfShards")) { + numberOfShards = boost::get((*vars)["numberOfShards"]); + } + + if (vars->count("parseECS")) { + ecsParsing = boost::get((*vars)["parseECS"]); + } + + if (vars->count("staleTTL")) { + staleTTL = boost::get((*vars)["staleTTL"]); + } + + if (vars->count("temporaryFailureTTL")) { + tempFailTTL = boost::get((*vars)["temporaryFailureTTL"]); + } + + if (vars->count("cookieHashing")) { + if (boost::get((*vars)["cookieHashing"])) { + optionsToSkip.erase(EDNSOptionCode::COOKIE); + } + } + if (vars->count("skipOptions")) { + for (auto option: boost::get>>(vars->at("skipOptions"))) { + optionsToSkip.insert(option.second); + } + } + } + + if (maxEntries == 0) { + warnlog("The number of entries in the packet cache is set to 0, raising to 1"); + g_outputBuffer += "The number of entries in the packet cache is set to 0, raising to 1"; + maxEntries = 1; + } + + if (maxEntries < numberOfShards) { + warnlog("The number of entries (%d) in the packet cache is smaller than the number of shards (%d), decreasing the number of shards to %d", maxEntries, numberOfShards, maxEntries); + g_outputBuffer += "The number of entries (" + std::to_string(maxEntries) + " in the packet cache is smaller than the number of shards (" + std::to_string(numberOfShards) + "), decreasing the number of shards to " + std::to_string(maxEntries); + numberOfShards = maxEntries; + } + + if (client) { + maxEntries = 1; + numberOfShards = 1; + } + + auto res = std::make_shared(maxEntries, maxTTL, minTTL, tempFailTTL, maxNegativeTTL, staleTTL, dontAge, numberOfShards, deferrableInsertLock, ecsParsing); + + res->setKeepStaleData(keepStaleData); + res->setSkippedOptions(optionsToSkip); + + return res; + }); + luaCtx.registerFunction::*)()const>("toString", [](const std::shared_ptr& cache) { + if (cache) { + return cache->toString(); + } + return std::string(); + }); + luaCtx.registerFunction::*)()const>("isFull", [](const std::shared_ptr& cache) { + if (cache) { + return cache->isFull(); + } + return false; + }); + luaCtx.registerFunction::*)(size_t)>("purgeExpired", [](std::shared_ptr& cache, size_t upTo) { + if (cache) { + const time_t now = time(nullptr); + + return cache->purgeExpired(upTo, now); + } + return static_cast(0); + }); + luaCtx.registerFunction::*)(size_t)>("expunge", [](std::shared_ptr& cache, size_t upTo) { + if (cache) { + return cache->expunge(upTo); + } + return static_cast(0); + }); + luaCtx.registerFunction::*)(const boost::variant& dname, boost::optional qtype, boost::optional suffixMatch)>("expungeByName", []( + std::shared_ptr& cache, + const boost::variant& dname, + boost::optional qtype, + boost::optional suffixMatch) { + DNSName qname; + if (dname.type() == typeid(DNSName)) { + qname = boost::get(dname); + } + if (dname.type() == typeid(string)) { + qname = DNSName(boost::get(dname)); + } + if (cache) { + g_outputBuffer="Expunged " + std::to_string(cache->expungeByName(qname, qtype ? *qtype : QType(QType::ANY).getCode(), suffixMatch ? *suffixMatch : false)) + " records\n"; + } + }); + luaCtx.registerFunction::*)()const>("printStats", [](const std::shared_ptr& cache) { + if (cache) { + g_outputBuffer="Entries: " + std::to_string(cache->getEntriesCount()) + "/" + std::to_string(cache->getMaxEntries()) + "\n"; + g_outputBuffer+="Hits: " + std::to_string(cache->getHits()) + "\n"; + g_outputBuffer+="Misses: " + std::to_string(cache->getMisses()) + "\n"; + g_outputBuffer+="Deferred inserts: " + std::to_string(cache->getDeferredInserts()) + "\n"; + g_outputBuffer+="Deferred lookups: " + std::to_string(cache->getDeferredLookups()) + "\n"; + g_outputBuffer+="Lookup Collisions: " + std::to_string(cache->getLookupCollisions()) + "\n"; + g_outputBuffer+="Insert Collisions: " + std::to_string(cache->getInsertCollisions()) + "\n"; + g_outputBuffer+="TTL Too Shorts: " + std::to_string(cache->getTTLTooShorts()) + "\n"; + } + }); + luaCtx.registerFunction(std::shared_ptr::*)()const>("getStats", [](const std::shared_ptr& cache) { + std::unordered_map stats; + if (cache) { + stats["entries"] = cache->getEntriesCount(); + stats["maxEntries"] = cache->getMaxEntries(); + stats["hits"] = cache->getHits(); + stats["misses"] = cache->getMisses(); + stats["deferredInserts"] = cache->getDeferredInserts(); + stats["deferredLookups"] = cache->getDeferredLookups(); + stats["lookupCollisions"] = cache->getLookupCollisions(); + stats["insertCollisions"] = cache->getInsertCollisions(); + stats["ttlTooShorts"] = cache->getTTLTooShorts(); + } + return stats; + }); + luaCtx.registerFunction::*)(const std::string& fname)const>("dump", [](const std::shared_ptr& cache, const std::string& fname) { + if (cache) { + + int fd = open(fname.c_str(), O_CREAT | O_EXCL | O_WRONLY, 0660); + if (fd < 0) { + g_outputBuffer = "Error opening dump file for writing: " + stringerror() + "\n"; + return; + } + + uint64_t records = 0; + try { + records = cache->dump(fd); + } + catch (const std::exception& e) { + close(fd); + throw; + } + + close(fd); + + g_outputBuffer += "Dumped " + std::to_string(records) + " records\n"; + } + }); +} diff --git a/dnsdist-lua-bindings-protobuf.cc b/dnsdist-lua-bindings-protobuf.cc new file mode 100644 index 0000000..373c841 --- /dev/null +++ b/dnsdist-lua-bindings-protobuf.cc @@ -0,0 +1,168 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#include "dnsdist.hh" +#include "dnsdist-lua.hh" + +#include "dnsdist-protobuf.hh" +#include "dnstap.hh" +#include "fstrm_logger.hh" +#include "remote_logger.hh" + +#ifdef HAVE_LIBCRYPTO +#include "ipcipher.hh" +#endif /* HAVE_LIBCRYPTO */ + +#ifdef HAVE_FSTRM +static void parseFSTRMOptions(const boost::optional>& params, std::unordered_map& options) +{ + if (!params) { + return; + } + + static std::vector const potentialOptions = { "bufferHint", "flushTimeout", "inputQueueSize", "outputQueueSize", "queueNotifyThreshold", "reopenInterval" }; + + for (const auto& potentialOption : potentialOptions) { + if (params->count(potentialOption)) { + options[potentialOption] = boost::get(params->at(potentialOption)); + } + } +} +#endif /* HAVE_FSTRM */ + +void setupLuaBindingsProtoBuf(LuaContext& luaCtx, bool client, bool configCheck) +{ +#ifdef HAVE_LIBCRYPTO + luaCtx.registerFunction("ipencrypt", [](const ComboAddress& ca, const std::string& key) { + return encryptCA(ca, key); + }); + luaCtx.registerFunction("ipdecrypt", [](const ComboAddress& ca, const std::string& key) { + return decryptCA(ca, key); + }); + + luaCtx.writeFunction("makeIPCipherKey", [](const std::string& password) { + return makeIPCipherKey(password); + }); +#endif /* HAVE_LIBCRYPTO */ + + /* ProtobufMessage */ + luaCtx.registerFunction("setTag", [](DNSDistProtoBufMessage& message, const std::string& strValue) { + message.addTag(strValue); + }); + luaCtx.registerFunction>)>("setTagArray", [](DNSDistProtoBufMessage& message, const vector>&tags) { + for (const auto& tag : tags) { + message.addTag(tag.second); + } + }); + + luaCtx.registerFunction sec, boost::optional uSec)>("setProtobufResponseType", + [](DNSDistProtoBufMessage& message, boost::optional sec, boost::optional uSec) { + message.setType(pdns::ProtoZero::Message::MessageType::DNSResponseType); + message.setQueryTime(sec ? *sec : 0, uSec ? *uSec : 0); + }); + + luaCtx.registerFunction("addResponseRR", [](DNSDistProtoBufMessage& message, + const std::string& strQueryName, uint16_t uType, uint16_t uClass, uint32_t uTTL, const std::string& strBlob) { + message.addRR(DNSName(strQueryName), uType, uClass, uTTL, strBlob); + }); + luaCtx.registerFunction("setEDNSSubnet", [](DNSDistProtoBufMessage& message, const Netmask& subnet) { message.setEDNSSubnet(subnet); }); + luaCtx.registerFunction("setQuestion", [](DNSDistProtoBufMessage& message, const DNSName& qname, uint16_t qtype, uint16_t qclass) { message.setQuestion(qname, qtype, qclass); }); + luaCtx.registerFunction("setBytes", [](DNSDistProtoBufMessage& message, size_t bytes) { message.setBytes(bytes); }); + luaCtx.registerFunction("setTime", [](DNSDistProtoBufMessage& message, time_t sec, uint32_t usec) { message.setTime(sec, usec); }); + luaCtx.registerFunction("setQueryTime", [](DNSDistProtoBufMessage& message, time_t sec, uint32_t usec) { message.setQueryTime(sec, usec); }); + luaCtx.registerFunction("setResponseCode", [](DNSDistProtoBufMessage& message, uint8_t rcode) { message.setResponseCode(rcode); }); + + luaCtx.registerFunction)>("setRequestor", [](DNSDistProtoBufMessage& message, const ComboAddress& addr, boost::optional port) { + message.setRequestor(addr); + if (port) { + message.setRequestorPort(*port); + } + }); + luaCtx.registerFunction)>("setRequestorFromString", [](DNSDistProtoBufMessage& message, const std::string& str, boost::optional port) { + message.setRequestor(ComboAddress(str)); + if (port) { + message.setRequestorPort(*port); + } + }); + luaCtx.registerFunction)>("setResponder", [](DNSDistProtoBufMessage& message, const ComboAddress& addr, boost::optional port) { + message.setResponder(addr); + if (port) { + message.setResponderPort(*port); + } + }); + luaCtx.registerFunction)>("setResponderFromString", [](DNSDistProtoBufMessage& message, const std::string& str, boost::optional port) { + message.setResponder(ComboAddress(str)); + if (port) { + message.setResponderPort(*port); + } + }); + luaCtx.registerFunction("setServerIdentity", [](DNSDistProtoBufMessage& message, const std::string& str) { + message.setServerIdentity(str); + }); + + luaCtx.registerFunction("setExtra", [](DnstapMessage& message, const std::string& str) { + message.setExtra(str); + }); + + /* RemoteLogger */ + luaCtx.writeFunction("newRemoteLogger", [client,configCheck](const std::string& remote, boost::optional timeout, boost::optional maxQueuedEntries, boost::optional reconnectWaitTime) { + if (client || configCheck) { + return std::shared_ptr(nullptr); + } + return std::shared_ptr(new RemoteLogger(ComboAddress(remote), timeout ? *timeout : 2, maxQueuedEntries ? (*maxQueuedEntries*100) : 10000, reconnectWaitTime ? *reconnectWaitTime : 1, client)); + }); + + luaCtx.writeFunction("newFrameStreamUnixLogger", [client,configCheck](const std::string& address, boost::optional> params) { +#ifdef HAVE_FSTRM + if (client || configCheck) { + return std::shared_ptr(nullptr); + } + + std::unordered_map options; + parseFSTRMOptions(params, options); + return std::shared_ptr(new FrameStreamLogger(AF_UNIX, address, !client, options)); +#else + throw std::runtime_error("fstrm support is required to build an AF_UNIX FrameStreamLogger"); +#endif /* HAVE_FSTRM */ + }); + + luaCtx.writeFunction("newFrameStreamTcpLogger", [client,configCheck](const std::string& address, boost::optional> params) { +#if defined(HAVE_FSTRM) && defined(HAVE_FSTRM_TCP_WRITER_INIT) + if (client || configCheck) { + return std::shared_ptr(nullptr); + } + + std::unordered_map options; + parseFSTRMOptions(params, options); + return std::shared_ptr(new FrameStreamLogger(AF_INET, address, !client, options)); +#else + throw std::runtime_error("fstrm with TCP support is required to build an AF_INET FrameStreamLogger"); +#endif /* HAVE_FSTRM */ + }); + + luaCtx.registerFunction::*)()const>("toString", [](const std::shared_ptr& logger) { + if (logger) { + return logger->toString(); + } + return std::string(); + }); +} diff --git a/dnsdist-lua-bindings.cc b/dnsdist-lua-bindings.cc new file mode 100644 index 0000000..e0abed5 --- /dev/null +++ b/dnsdist-lua-bindings.cc @@ -0,0 +1,624 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#include "dnsdist.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-svc.hh" + +#include "dolog.hh" + +void setupLuaBindings(LuaContext& luaCtx, bool client) +{ + luaCtx.writeFunction("infolog", [](const string& arg) { + infolog("%s", arg); + }); + luaCtx.writeFunction("errlog", [](const string& arg) { + errlog("%s", arg); + }); + luaCtx.writeFunction("warnlog", [](const string& arg) { + warnlog("%s", arg); + }); + luaCtx.writeFunction("show", [](const string& arg) { + g_outputBuffer+=arg; + g_outputBuffer+="\n"; + }); + + /* Exceptions */ + luaCtx.registerFunction("__tostring", [](const std::exception_ptr& eptr) { + try { + if (eptr) { + std::rethrow_exception(eptr); + } + } catch(const std::exception& e) { + return string(e.what()); + } catch(const PDNSException& e) { + return e.reason; + } catch(...) { + return string("Unknown exception"); + } + return string("No exception"); + }); + /* ServerPolicy */ + luaCtx.writeFunction("newServerPolicy", [](string name, ServerPolicy::policyfunc_t policy) { return std::make_shared(name, policy, true);}); + luaCtx.registerMember("name", &ServerPolicy::d_name); + luaCtx.registerMember("policy", &ServerPolicy::d_policy); + luaCtx.registerMember("ffipolicy", &ServerPolicy::d_ffipolicy); + luaCtx.registerMember("isLua", &ServerPolicy::d_isLua); + luaCtx.registerMember("isFFI", &ServerPolicy::d_isFFI); + luaCtx.registerMember("isPerThread", &ServerPolicy::d_isPerThread); + luaCtx.registerFunction("toString", &ServerPolicy::toString); + luaCtx.registerFunction("__tostring", &ServerPolicy::toString); + + ServerPolicy policies[] = { + ServerPolicy{"firstAvailable", firstAvailable, false}, + ServerPolicy{"roundrobin", roundrobin, false}, + ServerPolicy{"wrandom", wrandom, false}, + ServerPolicy{"whashed", whashed, false}, + ServerPolicy{"chashed", chashed, false}, + ServerPolicy{"leastOutstanding", leastOutstanding, false} + }; + for (auto& policy : policies) { + luaCtx.writeVariable(policy.d_name, policy); + } + + /* ServerPool */ + luaCtx.registerFunction::*)(std::shared_ptr)>("setCache", [](std::shared_ptr pool, std::shared_ptr cache) { + if (pool) { + pool->packetCache = cache; + } + }); + luaCtx.registerFunction("getCache", &ServerPool::getCache); + luaCtx.registerFunction::*)()>("unsetCache", [](std::shared_ptr pool) { + if (pool) { + pool->packetCache = nullptr; + } + }); + luaCtx.registerFunction("getECS", &ServerPool::getECS); + luaCtx.registerFunction("setECS", &ServerPool::setECS); + + /* DownstreamState */ + luaCtx.registerFunction("setQPS", [](DownstreamState& s, int lim) { s.qps = lim ? QPSLimiter(lim, lim) : QPSLimiter(); }); + luaCtx.registerFunction::*)(string)>("addPool", [](std::shared_ptr s, string pool) { + auto localPools = g_pools.getCopy(); + addServerToPool(localPools, pool, s); + g_pools.setState(localPools); + s->pools.insert(pool); + }); + luaCtx.registerFunction::*)(string)>("rmPool", [](std::shared_ptr s, string pool) { + auto localPools = g_pools.getCopy(); + removeServerFromPool(localPools, pool, s); + g_pools.setState(localPools); + s->pools.erase(pool); + }); + luaCtx.registerFunction("getOutstanding", [](const DownstreamState& s) { return s.outstanding.load(); }); + luaCtx.registerFunction("getDrops", [](const DownstreamState& s) { return s.reuseds.load(); }); + luaCtx.registerFunction("getLatency", [](const DownstreamState& s) { return s.latencyUsec; }); + luaCtx.registerFunction("isUp", &DownstreamState::isUp); + luaCtx.registerFunction("setDown", &DownstreamState::setDown); + luaCtx.registerFunction("setUp", &DownstreamState::setUp); + luaCtx.registerFunction newStatus)>("setAuto", [](DownstreamState& s, boost::optional newStatus) { + if (newStatus) { + s.setUpStatus(*newStatus); + } + s.setAuto(); + }); + luaCtx.registerFunction("getName", [](const DownstreamState& s) { return s.getName(); }); + luaCtx.registerFunction("getNameWithAddr", [](const DownstreamState& s) { return s.getNameWithAddr(); }); + luaCtx.registerMember("upStatus", &DownstreamState::upStatus); + luaCtx.registerMember("weight", + [](const DownstreamState& s) -> int {return s.weight;}, + [](DownstreamState& s, int newWeight) {s.setWeight(newWeight);} + ); + luaCtx.registerMember("order", &DownstreamState::order); + luaCtx.registerMember("name", [](const DownstreamState& backend) -> const std::string { return backend.getName(); }, [](DownstreamState& backend, const std::string& newName) { backend.setName(newName); }); + luaCtx.registerFunction("getID", [](const DownstreamState& s) { return boost::uuids::to_string(s.id); }); + + /* dnsheader */ + luaCtx.registerFunction("setRD", [](dnsheader& dh, bool v) { + dh.rd=v; + }); + + luaCtx.registerFunction("getRD", [](dnsheader& dh) { + return (bool)dh.rd; + }); + + luaCtx.registerFunction("setRA", [](dnsheader& dh, bool v) { + dh.ra=v; + }); + + luaCtx.registerFunction("getRA", [](dnsheader& dh) { + return (bool)dh.ra; + }); + + luaCtx.registerFunction("setAD", [](dnsheader& dh, bool v) { + dh.ad=v; + }); + + luaCtx.registerFunction("getAD", [](dnsheader& dh) { + return (bool)dh.ad; + }); + + luaCtx.registerFunction("setAA", [](dnsheader& dh, bool v) { + dh.aa=v; + }); + + luaCtx.registerFunction("getAA", [](dnsheader& dh) { + return (bool)dh.aa; + }); + + luaCtx.registerFunction("setCD", [](dnsheader& dh, bool v) { + dh.cd=v; + }); + + luaCtx.registerFunction("getCD", [](dnsheader& dh) { + return (bool)dh.cd; + }); + + luaCtx.registerFunction("setTC", [](dnsheader& dh, bool v) { + dh.tc=v; + if(v) dh.ra = dh.rd; // you'll always need this, otherwise TC=1 gets ignored + }); + + luaCtx.registerFunction("setQR", [](dnsheader& dh, bool v) { + dh.qr=v; + }); + + /* ComboAddress */ + luaCtx.writeFunction("newCA", [](const std::string& name) { return ComboAddress(name); }); + luaCtx.writeFunction("newCAFromRaw", [](const std::string& raw, boost::optional port) { + if (raw.size() == 4) { + struct sockaddr_in sin4; + memset(&sin4, 0, sizeof(sin4)); + sin4.sin_family = AF_INET; + memcpy(&sin4.sin_addr.s_addr, raw.c_str(), raw.size()); + if (port) { + sin4.sin_port = htons(*port); + } + return ComboAddress(&sin4); + } + else if (raw.size() == 16) { + struct sockaddr_in6 sin6; + memset(&sin6, 0, sizeof(sin6)); + sin6.sin6_family = AF_INET6; + memcpy(&sin6.sin6_addr.s6_addr, raw.c_str(), raw.size()); + if (port) { + sin6.sin6_port = htons(*port); + } + return ComboAddress(&sin6); + } + return ComboAddress(); + }); + luaCtx.registerFunction("tostring", [](const ComboAddress& ca) { return ca.toString(); }); + luaCtx.registerFunction("tostringWithPort", [](const ComboAddress& ca) { return ca.toStringWithPort(); }); + luaCtx.registerFunction("__tostring", [](const ComboAddress& ca) { return ca.toString(); }); + luaCtx.registerFunction("toString", [](const ComboAddress& ca) { return ca.toString(); }); + luaCtx.registerFunction("toStringWithPort", [](const ComboAddress& ca) { return ca.toStringWithPort(); }); + luaCtx.registerFunction("getPort", [](const ComboAddress& ca) { return ntohs(ca.sin4.sin_port); } ); + luaCtx.registerFunction("truncate", [](ComboAddress& ca, unsigned int bits) { ca.truncate(bits); }); + luaCtx.registerFunction("isIPv4", [](const ComboAddress& ca) { return ca.sin4.sin_family == AF_INET; }); + luaCtx.registerFunction("isIPv6", [](const ComboAddress& ca) { return ca.sin4.sin_family == AF_INET6; }); + luaCtx.registerFunction("isMappedIPv4", [](const ComboAddress& ca) { return ca.isMappedIPv4(); }); + luaCtx.registerFunction("mapToIPv4", [](const ComboAddress& ca) { return ca.mapToIPv4(); }); + luaCtx.registerFunction("match", [](nmts_t& s, const ComboAddress& ca) { return s.match(ca); }); + + /* DNSName */ + luaCtx.registerFunction("isPartOf", &DNSName::isPartOf); + luaCtx.registerFunction("chopOff", [](DNSName&dn ) { return dn.chopOff(); }); + luaCtx.registerFunction("countLabels", [](const DNSName& name) { return name.countLabels(); }); + luaCtx.registerFunction("hash", [](const DNSName& name) { return name.hash(); }); + luaCtx.registerFunction("wirelength", [](const DNSName& name) { return name.wirelength(); }); + luaCtx.registerFunction("tostring", [](const DNSName&dn ) { return dn.toString(); }); + luaCtx.registerFunction("toString", [](const DNSName&dn ) { return dn.toString(); }); + luaCtx.registerFunction("__tostring", [](const DNSName&dn ) { return dn.toString(); }); + luaCtx.registerFunction("toDNSString", [](const DNSName&dn ) { return dn.toDNSString(); }); + luaCtx.writeFunction("newDNSName", [](const std::string& name) { return DNSName(name); }); + luaCtx.writeFunction("newDNSNameFromRaw", [](const std::string& name) { return DNSName(name.c_str(), name.size(), 0, false); }); + luaCtx.writeFunction("newSuffixMatchNode", []() { return SuffixMatchNode(); }); + luaCtx.writeFunction("newDNSNameSet", []() { return DNSNameSet(); }); + + /* DNSNameSet */ + luaCtx.registerFunction("toString", [](const DNSNameSet&dns ) { return dns.toString(); }); + luaCtx.registerFunction("__tostring", [](const DNSNameSet&dns ) { return dns.toString(); }); + luaCtx.registerFunction("add", [](DNSNameSet& dns, DNSName& dn) { dns.insert(dn); }); + luaCtx.registerFunction("check", [](DNSNameSet& dns, DNSName& dn) { return dns.find(dn) != dns.end(); }); + luaCtx.registerFunction("delete",(size_t (DNSNameSet::*)(const DNSName&)) &DNSNameSet::erase); + luaCtx.registerFunction("size",(size_t (DNSNameSet::*)() const) &DNSNameSet::size); + luaCtx.registerFunction("clear",(void (DNSNameSet::*)()) &DNSNameSet::clear); + luaCtx.registerFunction("empty",(bool (DNSNameSet::*)() const) &DNSNameSet::empty); + + /* SuffixMatchNode */ + luaCtx.registerFunction>, vector>> &name)>("add", [](SuffixMatchNode &smn, const boost::variant>, vector>> &name) { + if (name.type() == typeid(DNSName)) { + auto n = boost::get(name); + smn.add(n); + return; + } + if (name.type() == typeid(string)) { + auto n = boost::get(name); + smn.add(n); + return; + } + if (name.type() == typeid(vector>)) { + auto names = boost::get>>(name); + for (const auto& n : names) { + smn.add(n.second); + } + return; + } + if (name.type() == typeid(vector>)) { + auto names = boost::get>>(name); + for (const auto& n : names) { + smn.add(n.second); + } + return; + } + }); + luaCtx.registerFunction>, vector>> &name)>("remove", [](SuffixMatchNode &smn, const boost::variant>, vector>> &name) { + if (name.type() == typeid(DNSName)) { + auto n = boost::get(name); + smn.remove(n); + return; + } + if (name.type() == typeid(string)) { + auto n = boost::get(name); + DNSName d(n); + smn.remove(d); + return; + } + if (name.type() == typeid(vector>)) { + auto names = boost::get>>(name); + for (const auto& n : names) { + smn.remove(n.second); + } + return; + } + if (name.type() == typeid(vector>)) { + auto names = boost::get>>(name); + for (const auto& n : names) { + DNSName d(n.second); + smn.remove(d); + } + return; + } + }); + + luaCtx.registerFunction("check",(bool (SuffixMatchNode::*)(const DNSName&) const) &SuffixMatchNode::check); + + /* Netmask */ + luaCtx.writeFunction("newNetmask", [](boost::variant s, boost::optional bits) { + if (s.type() == typeid(ComboAddress)) { + auto ca = boost::get(s); + if (bits) { + return Netmask(ca, *bits); + } + return Netmask(ca); + } + else if (s.type() == typeid(std::string)) { + auto str = boost::get(s); + return Netmask(str); + } + throw std::runtime_error("Invalid parameter passed to 'newNetmask()'"); + }); + luaCtx.registerFunction("empty", &Netmask::empty); + luaCtx.registerFunction("getBits", &Netmask::getBits); + luaCtx.registerFunction("getNetwork", [](const Netmask& nm) { return nm.getNetwork(); } ); // const reference makes this necessary + luaCtx.registerFunction("getMaskedNetwork", [](const Netmask& nm) { return nm.getMaskedNetwork(); } ); + luaCtx.registerFunction("isIpv4", &Netmask::isIPv4); + luaCtx.registerFunction("isIPv4", &Netmask::isIPv4); + luaCtx.registerFunction("isIpv6", &Netmask::isIPv6); + luaCtx.registerFunction("isIPv6", &Netmask::isIPv6); + luaCtx.registerFunction("match", (bool (Netmask::*)(const string&) const)&Netmask::match); + luaCtx.registerFunction("toString", &Netmask::toString); + luaCtx.registerFunction("__tostring", &Netmask::toString); + luaCtx.registerEqFunction(&Netmask::operator==); + luaCtx.registerToStringFunction(&Netmask::toString); + + /* NetmaskGroup */ + luaCtx.writeFunction("newNMG", []() { return NetmaskGroup(); }); + luaCtx.registerFunction("addMask", [](NetmaskGroup&nmg, const std::string& mask) + { + nmg.addMask(mask); + }); + luaCtx.registerFunction& map)>("addMasks", [](NetmaskGroup&nmg, const std::map& map) + { + for (const auto& entry : map) { + nmg.addMask(Netmask(entry.first)); + } + }); + + luaCtx.registerFunction("match", (bool (NetmaskGroup::*)(const ComboAddress&) const)&NetmaskGroup::match); + luaCtx.registerFunction("size", &NetmaskGroup::size); + luaCtx.registerFunction("clear", &NetmaskGroup::clear); + luaCtx.registerFunction("toString", [](const NetmaskGroup& nmg ) { return "NetmaskGroup " + nmg.toString(); }); + luaCtx.registerFunction("__tostring", [](const NetmaskGroup& nmg ) { return "NetmaskGroup " + nmg.toString(); }); + + /* QPSLimiter */ + luaCtx.writeFunction("newQPSLimiter", [](int rate, int burst) { return QPSLimiter(rate, burst); }); + luaCtx.registerFunction("check", &QPSLimiter::check); + + /* ClientState */ + luaCtx.registerFunction("toString", [](const ClientState& fe) { + setLuaNoSideEffect(); + return fe.local.toStringWithPort(); + }); + luaCtx.registerFunction("__tostring", [](const ClientState& fe) { + setLuaNoSideEffect(); + return fe.local.toStringWithPort(); + }); + luaCtx.registerFunction("getType", [](const ClientState& fe) { + setLuaNoSideEffect(); + return fe.getType(); + }); + luaCtx.registerFunction("getConfiguredTLSProvider", [](const ClientState& fe) { + setLuaNoSideEffect(); + if (fe.tlsFrontend != nullptr) { + return fe.tlsFrontend->getRequestedProvider(); + } + else if (fe.dohFrontend != nullptr) { + return std::string("openssl"); + } + return std::string(); + }); + luaCtx.registerFunction("getEffectiveTLSProvider", [](const ClientState& fe) { + setLuaNoSideEffect(); + if (fe.tlsFrontend != nullptr) { + return fe.tlsFrontend->getEffectiveProvider(); + } + else if (fe.dohFrontend != nullptr) { + return std::string("openssl"); + } + return std::string(); + }); + luaCtx.registerMember("muted", &ClientState::muted); +#ifdef HAVE_EBPF + luaCtx.registerFunction)>("attachFilter", [](ClientState& frontend, std::shared_ptr bpf) { + if (bpf) { + frontend.attachFilter(bpf); + } + }); + luaCtx.registerFunction("detachFilter", [](ClientState& frontend) { + frontend.detachFilter(); + }); +#endif /* HAVE_EBPF */ + + /* BPF Filter */ +#ifdef HAVE_EBPF + using bpfFilterMapParams = boost::variant>>; + luaCtx.writeFunction("newBPFFilter", [client](bpfFilterMapParams v4Params, bpfFilterMapParams v6Params, bpfFilterMapParams qnameParams, boost::optional external) { + if (client) { + return std::shared_ptr(nullptr); + } + + BPFFilter::MapConfiguration v4Config, v6Config, qnameConfig; + + auto convertParamsToConfig = [](bpfFilterMapParams& params, BPFFilter::MapType type, BPFFilter::MapConfiguration& config) { + config.d_type = type; + if (params.type() == typeid(uint32_t)) { + config.d_maxItems = boost::get(params); + } + else if (params.type() == typeid(std::unordered_map>)) { + auto map = boost::get>>(params); + if (map.count("maxItems")) { + config.d_maxItems = boost::get(map.at("maxItems")); + } + if (map.count("pinnedPath")) { + config.d_pinnedPath = boost::get(map.at("pinnedPath")); + } + } + }; + + convertParamsToConfig(v4Params, BPFFilter::MapType::IPv4, v4Config); + convertParamsToConfig(v6Params, BPFFilter::MapType::IPv6, v6Config); + convertParamsToConfig(qnameParams, BPFFilter::MapType::QNames, qnameConfig); + + BPFFilter::MapFormat format = BPFFilter::MapFormat::Legacy; + if (external && *external) { + format = BPFFilter::MapFormat::WithActions; + } + + return std::make_shared(v4Config, v6Config, qnameConfig, format, external.value_or(false)); + }); + + luaCtx.registerFunction::*)(const ComboAddress& ca, boost::optional action)>("block", [](std::shared_ptr bpf, const ComboAddress& ca, boost::optional action) { + if (bpf) { + if (!action) { + return bpf->block(ca, BPFFilter::MatchAction::Drop); + } + else { + BPFFilter::MatchAction match; + + switch (*action) { + case 0: + match = BPFFilter::MatchAction::Pass; + break; + case 1: + match = BPFFilter::MatchAction::Drop; + break; + case 2: + match = BPFFilter::MatchAction::Truncate; + break; + default: + throw std::runtime_error("Unsupported action for BPFFilter::block"); + } + return bpf->block(ca, match); + } + } + }); + + luaCtx.registerFunction::*)(const DNSName& qname, boost::optional qtype, boost::optional action)>("blockQName", [](std::shared_ptr bpf, const DNSName& qname, boost::optional qtype, boost::optional action) { + if (bpf) { + if (!action) { + return bpf->block(qname, BPFFilter::MatchAction::Drop, qtype.value_or(255)); + } + else { + BPFFilter::MatchAction match; + + switch (*action) { + case 0: + match = BPFFilter::MatchAction::Pass; + break; + case 1: + match = BPFFilter::MatchAction::Drop; + break; + case 2: + match = BPFFilter::MatchAction::Truncate; + break; + default: + throw std::runtime_error("Unsupported action for BPFFilter::blockQName"); + } + return bpf->block(qname, match, qtype.value_or(255)); + } + } + }); + + luaCtx.registerFunction::*)(const ComboAddress& ca)>("unblock", [](std::shared_ptr bpf, const ComboAddress& ca) { + if (bpf) { + return bpf->unblock(ca); + } + }); + + luaCtx.registerFunction::*)(const DNSName& qname, boost::optional qtype)>("unblockQName", [](std::shared_ptr bpf, const DNSName& qname, boost::optional qtype) { + if (bpf) { + return bpf->unblock(qname, qtype ? *qtype : 255); + } + }); + + luaCtx.registerFunction::*)()const>("getStats", [](const std::shared_ptr bpf) { + setLuaNoSideEffect(); + std::string res; + if (bpf) { + auto stats = bpf->getAddrStats(); + for (const auto& value : stats) { + if (value.first.sin4.sin_family == AF_INET) { + res += value.first.toString() + ": " + std::to_string(value.second) + "\n"; + } + else if (value.first.sin4.sin_family == AF_INET6) { + res += "[" + value.first.toString() + "]: " + std::to_string(value.second) + "\n"; + } + } + auto qstats = bpf->getQNameStats(); + for (const auto& value : qstats) { + res += std::get<0>(value).toString() + " " + std::to_string(std::get<1>(value)) + ": " + std::to_string(std::get<2>(value)) + "\n"; + } + } + return res; + }); + + luaCtx.registerFunction::*)()>("attachToAllBinds", [](std::shared_ptr bpf) { + std::string res; + if (bpf) { + for (const auto& frontend : g_frontends) { + frontend->attachFilter(bpf); + } + } + }); + + luaCtx.writeFunction("newDynBPFFilter", [client](std::shared_ptr bpf) { + if (client) { + return std::shared_ptr(nullptr); + } + return std::make_shared(bpf); + }); + + luaCtx.registerFunction::*)(const ComboAddress& addr, boost::optional seconds)>("block", [](std::shared_ptr dbpf, const ComboAddress& addr, boost::optional seconds) { + if (dbpf) { + struct timespec until; + clock_gettime(CLOCK_MONOTONIC, &until); + until.tv_sec += seconds ? *seconds : 10; + dbpf->block(addr, until); + } + }); + + luaCtx.registerFunction::*)()>("purgeExpired", [](std::shared_ptr dbpf) { + if (dbpf) { + struct timespec now; + clock_gettime(CLOCK_MONOTONIC, &now); + dbpf->purgeExpired(now); + } + }); + + luaCtx.registerFunction::*)(boost::variant>>)>("excludeRange", [](std::shared_ptr dbpf, boost::variant>> ranges) { + if (!dbpf) { + return; + } + + if (ranges.type() == typeid(std::vector>)) { + for (const auto& range : *boost::get>>(&ranges)) { + dbpf->excludeRange(Netmask(range.second)); + } + } + else { + dbpf->excludeRange(Netmask(*boost::get(&ranges))); + } + }); + + luaCtx.registerFunction::*)(boost::variant>>)>("includeRange", [](std::shared_ptr dbpf, boost::variant>> ranges) { + if (!dbpf) { + return; + } + + if (ranges.type() == typeid(std::vector>)) { + for (const auto& range : *boost::get>>(&ranges)) { + dbpf->includeRange(Netmask(range.second)); + } + } + else { + dbpf->includeRange(Netmask(*boost::get(&ranges))); + } + }); +#endif /* HAVE_EBPF */ + + /* EDNSOptionView */ + luaCtx.registerFunction("count", [](const EDNSOptionView& option) { + return option.values.size(); + }); + luaCtx.registerFunction(EDNSOptionView::*)()const>("getValues", [] (const EDNSOptionView& option) { + std::vector values; + for (const auto& value : option.values) { + values.push_back(std::string(value.content, value.size)); + } + return values; + }); + + luaCtx.writeFunction("newDOHResponseMapEntry", [](const std::string& regex, uint16_t status, const std::string& content, boost::optional> customHeaders) { + boost::optional>> headers{boost::none}; + if (customHeaders) { + headers = std::vector>(); + for (const auto& header : *customHeaders) { + headers->push_back({ boost::to_lower_copy(header.first), header.second }); + } + } + return std::make_shared(regex, status, PacketBuffer(content.begin(), content.end()), headers); + }); + + luaCtx.writeFunction("newSVCRecordParameters", [](uint16_t priority, const std::string& target, boost::optional additionalParameters) + { + SVCRecordParameters parameters; + if (additionalParameters) { + parameters = parseSVCParameters(*additionalParameters); + } + parameters.priority = priority; + parameters.target = DNSName(target); + + return parameters; + }); +} diff --git a/dnsdist-lua-ffi-interface.h b/dnsdist-lua-ffi-interface.h new file mode 100644 index 0000000..71faeb1 --- /dev/null +++ b/dnsdist-lua-ffi-interface.h @@ -0,0 +1,125 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* we don't use a guard (C++ pragma once or even #ifndef because this file (the .inc version) + is passed to the Lua FFI wrapper which doesn't support it */ + +typedef struct dnsdist_ffi_dnsquestion_t dnsdist_ffi_dnsquestion_t; +typedef struct dnsdist_ffi_servers_list_t dnsdist_ffi_servers_list_t; +typedef struct dnsdist_ffi_server_t dnsdist_ffi_server_t; + +typedef struct dnsdist_ffi_ednsoption { + uint16_t optionCode; + uint16_t len; + const void* data; +} dnsdist_ffi_ednsoption_t; + +typedef struct dnsdist_ffi_http_header { + const char* name; + const char* value; +} dnsdist_ffi_http_header_t; + +typedef struct dnsdist_ffi_tag { + const char* name; + const char* value; +} dnsdist_ffi_tag_t; + +typedef struct dnsdist_ffi_raw_value { + const char* value; + uint16_t size; +} dnsdist_ffi_raw_value_t; + +void dnsdist_ffi_dnsquestion_get_localaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_local_port(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_remoteaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_masked_remoteaddr(dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize, uint8_t bits) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_remote_port(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_qname_raw(const dnsdist_ffi_dnsquestion_t* dq, const char** qname, size_t* qnameSize) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_qname_hash(const dnsdist_ffi_dnsquestion_t* dq, size_t init) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_qtype(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_qclass(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_dnsquestion_get_rcode(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void* dnsdist_ffi_dnsquestion_get_header(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_len(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_size(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_set_size(dnsdist_ffi_dnsquestion_t* dq, size_t newSize) __attribute__ ((visibility ("default"))); +uint8_t dnsdist_ffi_dnsquestion_get_opcode(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_tcp(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_skip_cache(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_use_ecs(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_add_xpf(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_ecs_override(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_ecs_prefix_length(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_is_temp_failure_ttl_set(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint32_t dnsdist_ffi_dnsquestion_get_temp_failure_ttl(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_do(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_sni(const dnsdist_ffi_dnsquestion_t* dq, const char** sni, size_t* sniSize) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_tag(const dnsdist_ffi_dnsquestion_t* dq, const char* label) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_path(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_query_string(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_host(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_scheme(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); + +// returns the length of the resulting 'out' array. 'out' is not set if the length is 0 +size_t dnsdist_ffi_dnsquestion_get_edns_options(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_ednsoption_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_http_headers(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_http_header_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_tag_array(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_tag_t** out) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_set_result(dnsdist_ffi_dnsquestion_t* dq, const char* str, size_t strSize) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_rcode(dnsdist_ffi_dnsquestion_t* dq, int rcode) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_len(dnsdist_ffi_dnsquestion_t* dq, uint16_t len) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_skip_cache(dnsdist_ffi_dnsquestion_t* dq, bool skipCache) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_use_ecs(dnsdist_ffi_dnsquestion_t* dq, bool useECS) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_ecs_override(dnsdist_ffi_dnsquestion_t* dq, bool ecsOverride) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_ecs_prefix_length(dnsdist_ffi_dnsquestion_t* dq, uint16_t ecsPrefixLength) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq, uint32_t tempFailureTTL) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_unset_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_tag(dnsdist_ffi_dnsquestion_t* dq, const char* label, const char* value) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_set_http_response(dnsdist_ffi_dnsquestion_t* dq, uint16_t statusCode, const char* body, size_t bodyLen, const char* contentType) __attribute__ ((visibility ("default"))); + +size_t dnsdist_ffi_dnsquestion_get_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char** out) __attribute__ ((visibility ("default"))); + +bool dnsdist_ffi_dnsquestion_set_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char* data, size_t dataLen) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_send_trap(dnsdist_ffi_dnsquestion_t* dq, const char* reason, size_t reasonLen) __attribute__ ((visibility ("default"))); + +// the content of values should contain raw DNS record data ('\192\000\002\001' for A, '\034this text has a comma at the end,' for TXT, etc) +void dnsdist_ffi_dnsquestion_spoof_raw(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) __attribute__ ((visibility ("default"))); +// the content of values should contain raw IPv4 or IPv6 addresses in network byte-order +void dnsdist_ffi_dnsquestion_spoof_addrs(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) __attribute__ ((visibility ("default"))); + +typedef struct dnsdist_ffi_servers_list_t dnsdist_ffi_servers_list_t; +typedef struct dnsdist_ffi_server_t dnsdist_ffi_server_t; + +size_t dnsdist_ffi_servers_list_get_count(const dnsdist_ffi_servers_list_t* list) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_servers_list_get_server(const dnsdist_ffi_servers_list_t* list, size_t idx, const dnsdist_ffi_server_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_servers_list_chashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_servers_list_whashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) __attribute__ ((visibility ("default"))); + +uint64_t dnsdist_ffi_server_get_outstanding(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_server_is_up(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_server_get_name(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_server_get_name_with_addr(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_server_get_weight(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_server_get_order(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +double dnsdist_ffi_server_get_latency(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); diff --git a/dnsdist-lua-ffi-interface.inc b/dnsdist-lua-ffi-interface.inc new file mode 100644 index 0000000..5a3fadd --- /dev/null +++ b/dnsdist-lua-ffi-interface.inc @@ -0,0 +1,127 @@ +R"FFIContent( +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +/* we don't use a guard (C++ pragma once or even #ifndef because this file (the .inc version) + is passed to the Lua FFI wrapper which doesn't support it */ + +typedef struct dnsdist_ffi_dnsquestion_t dnsdist_ffi_dnsquestion_t; +typedef struct dnsdist_ffi_servers_list_t dnsdist_ffi_servers_list_t; +typedef struct dnsdist_ffi_server_t dnsdist_ffi_server_t; + +typedef struct dnsdist_ffi_ednsoption { + uint16_t optionCode; + uint16_t len; + const void* data; +} dnsdist_ffi_ednsoption_t; + +typedef struct dnsdist_ffi_http_header { + const char* name; + const char* value; +} dnsdist_ffi_http_header_t; + +typedef struct dnsdist_ffi_tag { + const char* name; + const char* value; +} dnsdist_ffi_tag_t; + +typedef struct dnsdist_ffi_raw_value { + const char* value; + uint16_t size; +} dnsdist_ffi_raw_value_t; + +void dnsdist_ffi_dnsquestion_get_localaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_local_port(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_remoteaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_masked_remoteaddr(dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize, uint8_t bits) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_remote_port(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_qname_raw(const dnsdist_ffi_dnsquestion_t* dq, const char** qname, size_t* qnameSize) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_qname_hash(const dnsdist_ffi_dnsquestion_t* dq, size_t init) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_qtype(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_qclass(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_dnsquestion_get_rcode(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void* dnsdist_ffi_dnsquestion_get_header(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_len(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_size(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_set_size(dnsdist_ffi_dnsquestion_t* dq, size_t newSize) __attribute__ ((visibility ("default"))); +uint8_t dnsdist_ffi_dnsquestion_get_opcode(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_tcp(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_skip_cache(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_use_ecs(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_add_xpf(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_ecs_override(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint16_t dnsdist_ffi_dnsquestion_get_ecs_prefix_length(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_is_temp_failure_ttl_set(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +uint32_t dnsdist_ffi_dnsquestion_get_temp_failure_ttl(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_dnsquestion_get_do(const dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_get_sni(const dnsdist_ffi_dnsquestion_t* dq, const char** sni, size_t* sniSize) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_tag(const dnsdist_ffi_dnsquestion_t* dq, const char* label) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_path(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_query_string(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_host(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_dnsquestion_get_http_scheme(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); + +// returns the length of the resulting 'out' array. 'out' is not set if the length is 0 +size_t dnsdist_ffi_dnsquestion_get_edns_options(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_ednsoption_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_http_headers(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_http_header_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_dnsquestion_get_tag_array(dnsdist_ffi_dnsquestion_t* ref, const dnsdist_ffi_tag_t** out) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_set_result(dnsdist_ffi_dnsquestion_t* dq, const char* str, size_t strSize) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_rcode(dnsdist_ffi_dnsquestion_t* dq, int rcode) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_len(dnsdist_ffi_dnsquestion_t* dq, uint16_t len) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_skip_cache(dnsdist_ffi_dnsquestion_t* dq, bool skipCache) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_use_ecs(dnsdist_ffi_dnsquestion_t* dq, bool useECS) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_ecs_override(dnsdist_ffi_dnsquestion_t* dq, bool ecsOverride) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_ecs_prefix_length(dnsdist_ffi_dnsquestion_t* dq, uint16_t ecsPrefixLength) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq, uint32_t tempFailureTTL) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_unset_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_dnsquestion_set_tag(dnsdist_ffi_dnsquestion_t* dq, const char* label, const char* value) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_set_http_response(dnsdist_ffi_dnsquestion_t* dq, uint16_t statusCode, const char* body, size_t bodyLen, const char* contentType) __attribute__ ((visibility ("default"))); + +size_t dnsdist_ffi_dnsquestion_get_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char** out) __attribute__ ((visibility ("default"))); + +bool dnsdist_ffi_dnsquestion_set_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char* data, size_t dataLen) __attribute__ ((visibility ("default"))); + +void dnsdist_ffi_dnsquestion_send_trap(dnsdist_ffi_dnsquestion_t* dq, const char* reason, size_t reasonLen) __attribute__ ((visibility ("default"))); + +// the content of values should contain raw DNS record data ('\192\000\002\001' for A, '\034this text has a comma at the end,' for TXT, etc) +void dnsdist_ffi_dnsquestion_spoof_raw(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) __attribute__ ((visibility ("default"))); +// the content of values should contain raw IPv4 or IPv6 addresses in network byte-order +void dnsdist_ffi_dnsquestion_spoof_addrs(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) __attribute__ ((visibility ("default"))); + +typedef struct dnsdist_ffi_servers_list_t dnsdist_ffi_servers_list_t; +typedef struct dnsdist_ffi_server_t dnsdist_ffi_server_t; + +size_t dnsdist_ffi_servers_list_get_count(const dnsdist_ffi_servers_list_t* list) __attribute__ ((visibility ("default"))); +void dnsdist_ffi_servers_list_get_server(const dnsdist_ffi_servers_list_t* list, size_t idx, const dnsdist_ffi_server_t** out) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_servers_list_chashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) __attribute__ ((visibility ("default"))); +size_t dnsdist_ffi_servers_list_whashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) __attribute__ ((visibility ("default"))); + +uint64_t dnsdist_ffi_server_get_outstanding(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +bool dnsdist_ffi_server_is_up(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_server_get_name(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +const char* dnsdist_ffi_server_get_name_with_addr(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_server_get_weight(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +int dnsdist_ffi_server_get_order(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +double dnsdist_ffi_server_get_latency(const dnsdist_ffi_server_t* server) __attribute__ ((visibility ("default"))); +)FFIContent" diff --git a/dnsdist-lua-ffi.cc b/dnsdist-lua-ffi.cc new file mode 100644 index 0000000..25e36c2 --- /dev/null +++ b/dnsdist-lua-ffi.cc @@ -0,0 +1,583 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist-lua-ffi.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-ecs.hh" + +uint16_t dnsdist_ffi_dnsquestion_get_qtype(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->qtype; +} + +uint16_t dnsdist_ffi_dnsquestion_get_qclass(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->qclass; +} + +static void dnsdist_ffi_comboaddress_to_raw(const ComboAddress& ca, const void** addr, size_t* addrSize) +{ + if (ca.isIPv4()) { + *addr = &ca.sin4.sin_addr.s_addr; + *addrSize = sizeof(ca.sin4.sin_addr.s_addr); + } + else { + *addr = &ca.sin6.sin6_addr.s6_addr; + *addrSize = sizeof(ca.sin6.sin6_addr.s6_addr); + } +} + +void dnsdist_ffi_dnsquestion_get_localaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) +{ + dnsdist_ffi_comboaddress_to_raw(*dq->dq->local, addr, addrSize); +} + +void dnsdist_ffi_dnsquestion_get_remoteaddr(const dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize) +{ + dnsdist_ffi_comboaddress_to_raw(*dq->dq->remote, addr, addrSize); +} + +void dnsdist_ffi_dnsquestion_get_masked_remoteaddr(dnsdist_ffi_dnsquestion_t* dq, const void** addr, size_t* addrSize, uint8_t bits) +{ + dq->maskedRemote = Netmask(*dq->dq->remote, bits).getMaskedNetwork(); + dnsdist_ffi_comboaddress_to_raw(dq->maskedRemote, addr, addrSize); +} + +uint16_t dnsdist_ffi_dnsquestion_get_local_port(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->local->getPort(); +} + +uint16_t dnsdist_ffi_dnsquestion_get_remote_port(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->remote->getPort(); +} + +void dnsdist_ffi_dnsquestion_get_qname_raw(const dnsdist_ffi_dnsquestion_t* dq, const char** qname, size_t* qnameSize) +{ + const auto& storage = dq->dq->qname->getStorage(); + *qname = storage.data(); + *qnameSize = storage.size(); +} + +size_t dnsdist_ffi_dnsquestion_get_qname_hash(const dnsdist_ffi_dnsquestion_t* dq, size_t init) +{ + return dq->dq->qname->hash(init); +} + +int dnsdist_ffi_dnsquestion_get_rcode(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->getHeader()->rcode; +} + +void* dnsdist_ffi_dnsquestion_get_header(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->getHeader(); +} + +uint16_t dnsdist_ffi_dnsquestion_get_len(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->getData().size(); +} + +size_t dnsdist_ffi_dnsquestion_get_size(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->getData().size(); +} + +bool dnsdist_ffi_dnsquestion_set_size(dnsdist_ffi_dnsquestion_t* dq, size_t newSize) +{ + try { + dq->dq->getMutableData().resize(newSize); + return true; + } + catch (const std::exception& e) { + return false; + } +} + +uint8_t dnsdist_ffi_dnsquestion_get_opcode(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->getHeader()->opcode; +} + +bool dnsdist_ffi_dnsquestion_get_tcp(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->overTCP(); +} + +bool dnsdist_ffi_dnsquestion_get_skip_cache(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->skipCache; +} + +bool dnsdist_ffi_dnsquestion_get_use_ecs(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->useECS; +} + +bool dnsdist_ffi_dnsquestion_get_add_xpf(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->addXPF; +} + +bool dnsdist_ffi_dnsquestion_get_ecs_override(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->ecsOverride; +} + +uint16_t dnsdist_ffi_dnsquestion_get_ecs_prefix_length(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->ecsPrefixLength; +} + +bool dnsdist_ffi_dnsquestion_is_temp_failure_ttl_set(const dnsdist_ffi_dnsquestion_t* dq) +{ + return dq->dq->tempFailureTTL != boost::none; +} + +uint32_t dnsdist_ffi_dnsquestion_get_temp_failure_ttl(const dnsdist_ffi_dnsquestion_t* dq) +{ + if (dq->dq->tempFailureTTL) { + return *dq->dq->tempFailureTTL; + } + return 0; +} + +bool dnsdist_ffi_dnsquestion_get_do(const dnsdist_ffi_dnsquestion_t* dq) +{ + return getEDNSZ(*dq->dq) & EDNS_HEADER_FLAG_DO; +} + +void dnsdist_ffi_dnsquestion_get_sni(const dnsdist_ffi_dnsquestion_t* dq, const char** sni, size_t* sniSize) +{ + *sniSize = dq->dq->sni.size(); + *sni = dq->dq->sni.c_str(); +} + +const char* dnsdist_ffi_dnsquestion_get_tag(const dnsdist_ffi_dnsquestion_t* dq, const char* label) +{ + const char * result = nullptr; + + if (dq->dq->qTag != nullptr) { + const auto it = dq->dq->qTag->find(label); + if (it != dq->dq->qTag->cend()) { + result = it->second.c_str(); + } + } + + return result; +} + +const char* dnsdist_ffi_dnsquestion_get_http_path(dnsdist_ffi_dnsquestion_t* dq) +{ + if (!dq->httpPath) { + if (dq->dq->du == nullptr) { + return nullptr; + } +#ifdef HAVE_DNS_OVER_HTTPS + dq->httpPath = dq->dq->du->getHTTPPath(); +#endif /* HAVE_DNS_OVER_HTTPS */ + } + if (dq->httpPath) { + return dq->httpPath->c_str(); + } + return nullptr; +} + +const char* dnsdist_ffi_dnsquestion_get_http_query_string(dnsdist_ffi_dnsquestion_t* dq) +{ + if (!dq->httpQueryString) { + if (dq->dq->du == nullptr) { + return nullptr; + } +#ifdef HAVE_DNS_OVER_HTTPS + dq->httpQueryString = dq->dq->du->getHTTPQueryString(); +#endif /* HAVE_DNS_OVER_HTTPS */ + } + if (dq->httpQueryString) { + return dq->httpQueryString->c_str(); + } + return nullptr; +} + +const char* dnsdist_ffi_dnsquestion_get_http_host(dnsdist_ffi_dnsquestion_t* dq) +{ + if (!dq->httpHost) { + if (dq->dq->du == nullptr) { + return nullptr; + } +#ifdef HAVE_DNS_OVER_HTTPS + dq->httpHost = dq->dq->du->getHTTPHost(); +#endif /* HAVE_DNS_OVER_HTTPS */ + } + if (dq->httpHost) { + return dq->httpHost->c_str(); + } + return nullptr; +} + +const char* dnsdist_ffi_dnsquestion_get_http_scheme(dnsdist_ffi_dnsquestion_t* dq) +{ + if (!dq->httpScheme) { + if (dq->dq->du == nullptr) { + return nullptr; + } +#ifdef HAVE_DNS_OVER_HTTPS + dq->httpScheme = dq->dq->du->getHTTPScheme(); +#endif /* HAVE_DNS_OVER_HTTPS */ + } + if (dq->httpScheme) { + return dq->httpScheme->c_str(); + } + return nullptr; +} + +static void fill_edns_option(const EDNSOptionViewValue& value, dnsdist_ffi_ednsoption_t& option) +{ + option.len = value.size; + option.data = nullptr; + + if (value.size > 0) { + option.data = value.content; + } +} + +// returns the length of the resulting 'out' array. 'out' is not set if the length is 0 +size_t dnsdist_ffi_dnsquestion_get_edns_options(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_ednsoption_t** out) +{ + if (dq->dq->ednsOptions == nullptr) { + parseEDNSOptions(*(dq->dq)); + + if (dq->dq->ednsOptions == nullptr) { + return 0; + } + } + + size_t totalCount = 0; + for (const auto& option : *dq->dq->ednsOptions) { + totalCount += option.second.values.size(); + } + + dq->ednsOptionsVect.clear(); + dq->ednsOptionsVect.resize(totalCount); + size_t pos = 0; + for (const auto& option : *dq->dq->ednsOptions) { + for (const auto& entry : option.second.values) { + fill_edns_option(entry, dq->ednsOptionsVect.at(pos)); + dq->ednsOptionsVect.at(pos).optionCode = option.first; + pos++; + } + } + + if (totalCount > 0) { + *out = dq->ednsOptionsVect.data(); + } + + return totalCount; +} + +size_t dnsdist_ffi_dnsquestion_get_http_headers(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_http_header_t** out) +{ + if (dq->dq->du == nullptr) { + return 0; + } + +#ifdef HAVE_DNS_OVER_HTTPS + dq->httpHeaders = dq->dq->du->getHTTPHeaders(); + dq->httpHeadersVect.clear(); + dq->httpHeadersVect.resize(dq->httpHeaders.size()); + size_t pos = 0; + for (const auto& header : dq->httpHeaders) { + dq->httpHeadersVect.at(pos).name = header.first.c_str(); + dq->httpHeadersVect.at(pos).value = header.second.c_str(); + ++pos; + } + + if (!dq->httpHeadersVect.empty()) { + *out = dq->httpHeadersVect.data(); + } + + return dq->httpHeadersVect.size(); +#else + return 0; +#endif +} + +size_t dnsdist_ffi_dnsquestion_get_tag_array(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_tag_t** out) +{ + if (dq->dq->qTag == nullptr || dq->dq->qTag->size() == 0) { + return 0; + } + + dq->tagsVect.clear(); + dq->tagsVect.resize(dq->dq->qTag->size()); + size_t pos = 0; + + for (const auto& tag : *dq->dq->qTag) { + auto& entry = dq->tagsVect.at(pos); + entry.name = tag.first.c_str(); + entry.value = tag.second.c_str(); + ++pos; + } + + + if (!dq->tagsVect.empty()) { + *out = dq->tagsVect.data(); + } + + return dq->tagsVect.size(); +} + +void dnsdist_ffi_dnsquestion_set_result(dnsdist_ffi_dnsquestion_t* dq, const char* str, size_t strSize) +{ + dq->result = std::string(str, strSize); +} + +void dnsdist_ffi_dnsquestion_set_http_response(dnsdist_ffi_dnsquestion_t* dq, uint16_t statusCode, const char* body, size_t bodyLen, const char* contentType) +{ + if (dq->dq->du == nullptr) { + return; + } + +#ifdef HAVE_DNS_OVER_HTTPS + PacketBuffer bodyVect(body, body + bodyLen); + dq->dq->du->setHTTPResponse(statusCode, std::move(bodyVect), contentType); + dq->dq->getHeader()->qr = true; +#endif +} + +void dnsdist_ffi_dnsquestion_set_rcode(dnsdist_ffi_dnsquestion_t* dq, int rcode) +{ + dq->dq->getHeader()->rcode = rcode; + dq->dq->getHeader()->qr = true; +} + +void dnsdist_ffi_dnsquestion_set_len(dnsdist_ffi_dnsquestion_t* dq, uint16_t len) +{ + dq->dq->getMutableData().resize(len); +} + +void dnsdist_ffi_dnsquestion_set_skip_cache(dnsdist_ffi_dnsquestion_t* dq, bool skipCache) +{ + dq->dq->skipCache = skipCache; +} + +void dnsdist_ffi_dnsquestion_set_use_ecs(dnsdist_ffi_dnsquestion_t* dq, bool useECS) +{ + dq->dq->useECS = useECS; +} + +void dnsdist_ffi_dnsquestion_set_ecs_override(dnsdist_ffi_dnsquestion_t* dq, bool ecsOverride) +{ + dq->dq->ecsOverride = ecsOverride; +} + +void dnsdist_ffi_dnsquestion_set_ecs_prefix_length(dnsdist_ffi_dnsquestion_t* dq, uint16_t ecsPrefixLength) +{ + dq->dq->ecsPrefixLength = ecsPrefixLength; +} + +void dnsdist_ffi_dnsquestion_set_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq, uint32_t tempFailureTTL) +{ + dq->dq->tempFailureTTL = tempFailureTTL; +} + +void dnsdist_ffi_dnsquestion_unset_temp_failure_ttl(dnsdist_ffi_dnsquestion_t* dq) +{ + dq->dq->tempFailureTTL = boost::none; +} + +void dnsdist_ffi_dnsquestion_set_tag(dnsdist_ffi_dnsquestion_t* dq, const char* label, const char* value) +{ + dq->dq->setTag(label, value); +} + +size_t dnsdist_ffi_dnsquestion_get_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char** out) +{ + dq->trailingData = dq->dq->getTrailingData(); + if (!dq->trailingData.empty()) { + *out = dq->trailingData.data(); + } + + return dq->trailingData.size(); +} + +bool dnsdist_ffi_dnsquestion_set_trailing_data(dnsdist_ffi_dnsquestion_t* dq, const char* data, size_t dataLen) +{ + return dq->dq->setTrailingData(std::string(data, dataLen)); +} + +void dnsdist_ffi_dnsquestion_send_trap(dnsdist_ffi_dnsquestion_t* dq, const char* reason, size_t reasonLen) +{ + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendDNSTrap(*dq->dq, std::string(reason, reasonLen)); + } +} + +void dnsdist_ffi_dnsquestion_spoof_raw(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) +{ + std::vector data; + data.reserve(valuesCount); + + for (size_t idx = 0; idx < valuesCount; idx++) { + data.emplace_back(values[idx].value, values[idx].size); + } + + std::string result; + SpoofAction sa(data); + sa(dq->dq, &result); +} + +void dnsdist_ffi_dnsquestion_spoof_addrs(dnsdist_ffi_dnsquestion_t* dq, const dnsdist_ffi_raw_value_t* values, size_t valuesCount) +{ + std::vector data; + data.reserve(valuesCount); + + for (size_t idx = 0; idx < valuesCount; idx++) { + if (values[idx].size == 4) { + sockaddr_in sin; + sin.sin_family = AF_INET; + sin.sin_port = 0; + memcpy(&sin.sin_addr.s_addr, values[idx].value, sizeof(sin.sin_addr.s_addr)); + data.emplace_back(&sin); + } + else if (values[idx].size == 16) { + sockaddr_in6 sin6; + sin6.sin6_family = AF_INET6; + sin6.sin6_port = 0; + sin6.sin6_scope_id = 0; + sin6.sin6_flowinfo = 0; + memcpy(&sin6.sin6_addr.s6_addr, values[idx].value, sizeof(sin6.sin6_addr.s6_addr)); + data.emplace_back(&sin6); + } + } + + std::string result; + SpoofAction sa(data); + sa(dq->dq, &result); +} + +size_t dnsdist_ffi_servers_list_get_count(const dnsdist_ffi_servers_list_t* list) +{ + return list->ffiServers.size(); +} + +void dnsdist_ffi_servers_list_get_server(const dnsdist_ffi_servers_list_t* list, size_t idx, const dnsdist_ffi_server_t** out) +{ + *out = &list->ffiServers.at(idx); +} + +static size_t dnsdist_ffi_servers_get_index_from_server(const ServerPolicy::NumberedServerVector& servers, const std::shared_ptr& server) +{ + for (const auto& pair : servers) { + if (pair.second == server) { + return pair.first - 1; + } + } + throw std::runtime_error("Unable to find servers in server list"); +} + +size_t dnsdist_ffi_servers_list_chashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) +{ + auto server = chashedFromHash(list->servers, hash); + return dnsdist_ffi_servers_get_index_from_server(list->servers, server); +} + +size_t dnsdist_ffi_servers_list_whashed(const dnsdist_ffi_servers_list_t* list, const dnsdist_ffi_dnsquestion_t* dq, size_t hash) +{ + auto server = whashedFromHash(list->servers, hash); + return dnsdist_ffi_servers_get_index_from_server(list->servers, server); +} + +uint64_t dnsdist_ffi_server_get_outstanding(const dnsdist_ffi_server_t* server) +{ + return server->server->outstanding; +} + +int dnsdist_ffi_server_get_weight(const dnsdist_ffi_server_t* server) +{ + return server->server->weight; +} + +int dnsdist_ffi_server_get_order(const dnsdist_ffi_server_t* server) +{ + return server->server->order; +} + +double dnsdist_ffi_server_get_latency(const dnsdist_ffi_server_t* server) +{ + return server->server->latencyUsec; +} + +bool dnsdist_ffi_server_is_up(const dnsdist_ffi_server_t* server) +{ + return server->server->isUp(); +} + +const char* dnsdist_ffi_server_get_name(const dnsdist_ffi_server_t* server) +{ + return server->server->getName().c_str(); +} + +const char* dnsdist_ffi_server_get_name_with_addr(const dnsdist_ffi_server_t* server) +{ + return server->server->getNameWithAddr().c_str(); +} + +const std::string& getLuaFFIWrappers() +{ + static const std::string interface = +#include "dnsdist-lua-ffi-interface.inc" + ; + static const std::string code = R"FFICodeContent( + local ffi = require("ffi") + local C = ffi.C + + ffi.cdef[[ +)FFICodeContent" + interface + R"FFICodeContent( + ]] + +)FFICodeContent"; + return code; +} + +void setupLuaLoadBalancingContext(LuaContext& luaCtx) +{ + setupLuaBindings(luaCtx, true); + setupLuaBindingsDNSQuestion(luaCtx); + setupLuaBindingsKVS(luaCtx, true); + setupLuaVars(luaCtx); + +#ifdef LUAJIT_VERSION + luaCtx.executeCode(getLuaFFIWrappers()); +#endif +} + +void setupLuaFFIPerThreadContext(LuaContext& luaCtx) +{ + setupLuaVars(luaCtx); + +#ifdef LUAJIT_VERSION + luaCtx.executeCode(getLuaFFIWrappers()); +#endif +} diff --git a/dnsdist-lua-ffi.hh b/dnsdist-lua-ffi.hh new file mode 100644 index 0000000..1030659 --- /dev/null +++ b/dnsdist-lua-ffi.hh @@ -0,0 +1,110 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "dnsdist.hh" + +extern "C" { +#include "dnsdist-lua-ffi-interface.h" +} + +// dnsdist_ffi_dnsquestion_t is a lightuserdata +template<> +struct LuaContext::Pusher { + static const int minSize = 1; + static const int maxSize = 1; + + static PushedObject push(lua_State* state, dnsdist_ffi_dnsquestion_t* ptr) noexcept { + lua_pushlightuserdata(state, ptr); + return PushedObject{state, 1}; + } +}; + +struct dnsdist_ffi_dnsquestion_t +{ + dnsdist_ffi_dnsquestion_t(DNSQuestion* dq_): dq(dq_) + { + } + + DNSQuestion* dq{nullptr}; + std::vector ednsOptionsVect; + std::vector httpHeadersVect; + std::vector tagsVect; + std::unordered_map httpHeaders; + std::string trailingData; + ComboAddress maskedRemote; + boost::optional result{boost::none}; + boost::optional httpPath{boost::none}; + boost::optional httpQueryString{boost::none}; + boost::optional httpHost{boost::none}; + boost::optional httpScheme{boost::none}; +}; + +// dnsdist_ffi_server_t is a lightuserdata +template<> +struct LuaContext::Pusher { + static const int minSize = 1; + static const int maxSize = 1; + + static PushedObject push(lua_State* state, dnsdist_ffi_server_t* ptr) noexcept { + lua_pushlightuserdata(state, ptr); + return PushedObject{state, 1}; + } +}; + +struct dnsdist_ffi_server_t +{ + dnsdist_ffi_server_t(const std::shared_ptr& server_): server(server_) + { + } + + const std::shared_ptr& server; +}; + +// dnsdist_ffi_servers_list_t is a lightuserdata +template<> +struct LuaContext::Pusher { + static const int minSize = 1; + static const int maxSize = 1; + + static PushedObject push(lua_State* state, dnsdist_ffi_servers_list_t* ptr) noexcept { + lua_pushlightuserdata(state, ptr); + return PushedObject{state, 1}; + } +}; + +struct dnsdist_ffi_servers_list_t +{ + dnsdist_ffi_servers_list_t(const ServerPolicy::NumberedServerVector& servers_): servers(servers_) + { + ffiServers.reserve(servers.size()); + for (const auto& server: servers) { + ffiServers.push_back(dnsdist_ffi_server_t(server.second)); + } + } + + std::vector ffiServers; + const ServerPolicy::NumberedServerVector& servers; +}; + +const std::string& getLuaFFIWrappers(); +void setupLuaFFIPerThreadContext(LuaContext& luaCtx); diff --git a/dnsdist-lua-inspection-ffi.cc b/dnsdist-lua-inspection-ffi.cc new file mode 100644 index 0000000..13158fa --- /dev/null +++ b/dnsdist-lua-inspection-ffi.cc @@ -0,0 +1,106 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist.hh" +#include "dnsdist-dynblocks.hh" + +uint64_t dnsdist_ffi_stat_node_get_queries_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.queries; +} + +uint64_t dnsdist_ffi_stat_node_get_noerrors_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.noerrors; +} + +uint64_t dnsdist_ffi_stat_node_get_nxdomains_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.nxdomains; +} + +uint64_t dnsdist_ffi_stat_node_get_servfails_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.servfails; +} + +uint64_t dnsdist_ffi_stat_node_get_drops_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.drops; +} + +uint64_t dnsdist_ffi_stat_node_get_bytes(const dnsdist_ffi_stat_node_t* node) +{ + return node->self.bytes; +} + +unsigned int dnsdist_ffi_stat_node_get_labels_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->node.labelsCount; +} + +void dnsdist_ffi_stat_node_get_full_name_raw(const dnsdist_ffi_stat_node_t* node, const char** name, size_t* nameSize) +{ + const auto& storage = node->node.fullname; + *name = storage.c_str(); + *nameSize = storage.size(); +} + +unsigned int dnsdist_ffi_stat_node_get_children_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->node.children.size(); +} + +uint64_t dnsdist_ffi_stat_node_get_children_queries_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.queries; +} + +uint64_t dnsdist_ffi_stat_node_get_children_noerrors_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.noerrors; +} + +uint64_t dnsdist_ffi_stat_node_get_children_nxdomains_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.nxdomains; +} + +uint64_t dnsdist_ffi_stat_node_get_children_servfails_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.servfails; +} + +uint64_t dnsdist_ffi_stat_node_get_children_drops_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.drops; +} + +uint64_t dnsdist_ffi_stat_node_get_children_bytes_count(const dnsdist_ffi_stat_node_t* node) +{ + return node->children.bytes; +} + +void dnsdist_ffi_state_node_set_reason(dnsdist_ffi_stat_node_t* node, const char* reason, size_t reasonSize) +{ + node->reason = std::string(reason, reasonSize); +} diff --git a/dnsdist-lua-inspection-ffi.hh b/dnsdist-lua-inspection-ffi.hh new file mode 100644 index 0000000..05f087f --- /dev/null +++ b/dnsdist-lua-inspection-ffi.hh @@ -0,0 +1,45 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +extern "C" { + typedef struct dnsdist_ffi_stat_node_t dnsdist_ffi_stat_node_t; + + uint64_t dnsdist_ffi_stat_node_get_queries_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_noerrors_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_nxdomains_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_servfails_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_drops_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_bytes(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + unsigned int dnsdist_ffi_stat_node_get_labels_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + void dnsdist_ffi_stat_node_get_full_name_raw(const dnsdist_ffi_stat_node_t* node, const char** name, size_t* nameSize) __attribute__ ((visibility ("default"))); + + unsigned int dnsdist_ffi_stat_node_get_children_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + + uint64_t dnsdist_ffi_stat_node_get_children_queries_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_children_noerrors_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_children_nxdomains_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_children_servfails_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_children_drops_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + uint64_t dnsdist_ffi_stat_node_get_children_bytes_count(const dnsdist_ffi_stat_node_t* node) __attribute__ ((visibility ("default"))); + + void dnsdist_ffi_state_node_set_reason(dnsdist_ffi_stat_node_t* node, const char* reason, size_t reasonSize) __attribute__ ((visibility ("default"))); +} diff --git a/dnsdist-lua-inspection.cc b/dnsdist-lua-inspection.cc new file mode 100644 index 0000000..451682a --- /dev/null +++ b/dnsdist-lua-inspection.cc @@ -0,0 +1,857 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-dynblocks.hh" +#include "dnsdist-nghttp2.hh" +#include "dnsdist-rings.hh" +#include "dnsdist-tcp.hh" + +#include "statnode.hh" + +static std::unordered_map>> getGenResponses(unsigned int top, boost::optional labels, std::function pred) +{ + setLuaNoSideEffect(); + map counts; + unsigned int total=0; + { + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + if (!labels) { + for(const auto& a : *rl) { + if(!pred(a)) + continue; + counts[a.name]++; + total++; + } + } + else { + unsigned int lab = *labels; + for(const auto& a : *rl) { + if(!pred(a)) + continue; + + DNSName temp(a.name); + temp.trimToLabels(lab); + counts[temp]++; + total++; + } + } + } + } + // cout<<"Looked at "<> rcounts; + rcounts.reserve(counts.size()); + for(const auto& c : counts) + rcounts.emplace_back(c.second, c.first.makeLowerCase()); + + sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a, + const decltype(rcounts)::value_type& b) { + return b.first < a.first; + }); + + std::unordered_map>> ret; + unsigned int count=1, rest=0; + for(const auto& rc : rcounts) { + if(count==top+1) + rest+=rc.first; + else + ret.insert({count++, {rc.second.toString(), rc.first, 100.0*rc.first/total}}); + } + + if (total > 0) { + ret.insert({count, {"Rest", rest, 100.0*rest/total}}); + } + else { + ret.insert({count, {"Rest", rest, 100.0 }}); + } + + return ret; +} + +typedef std::unordered_map counts_t; + +static counts_t filterScore(const counts_t& counts, + double delta, unsigned int rate) +{ + counts_t ret; + + double lim = delta*rate; + for(const auto& c : counts) { + if (c.second > lim) { + ret[c.first] = c.second; + } + } + + return ret; +} + + +typedef std::function statvisitor_t; + +static void statNodeRespRing(statvisitor_t visitor, unsigned int seconds) +{ + struct timespec cutoff, now; + gettime(&now); + cutoff = now; + cutoff.tv_sec -= seconds; + + StatNode root; + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + + for(const auto& c : *rl) { + if (now < c.when) + continue; + + if (seconds && c.when < cutoff) + continue; + + root.submit(c.name, ((c.dh.rcode == 0 && c.usec == std::numeric_limits::max()) ? -1 : c.dh.rcode), c.size, boost::none); + } + } + + StatNode::Stat node; + root.visit([visitor](const StatNode* node_, const StatNode::Stat& self, const StatNode::Stat& children) { + visitor(*node_, self, children);}, node); +} + +static vector > > getRespRing(boost::optional rcode) +{ + typedef std::unordered_map entry_t; + vector > ret; + + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + + entry_t e; + unsigned int count=1; + for(const auto& c : *rl) { + if(rcode && (rcode.get() != c.dh.rcode)) + continue; + e["qname"]=c.name.toString(); + e["rcode"]=std::to_string(c.dh.rcode); + ret.emplace_back(count, e); + count++; + } + } + + return ret; +} + +static counts_t exceedRespGen(unsigned int rate, int seconds, std::function T) +{ + counts_t counts; + struct timespec cutoff, mintime, now; + gettime(&now); + cutoff = mintime = now; + cutoff.tv_sec -= seconds; + + counts.reserve(g_rings.getNumberOfResponseEntries()); + + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + for(const auto& c : *rl) { + + if(seconds && c.when < cutoff) + continue; + if(now < c.when) + continue; + + T(counts, c); + if(c.when < mintime) + mintime = c.when; + } + } + + double delta = seconds ? seconds : DiffTime(now, mintime); + return filterScore(counts, delta, rate); +} + +static counts_t exceedQueryGen(unsigned int rate, int seconds, std::function T) +{ + counts_t counts; + struct timespec cutoff, mintime, now; + gettime(&now); + cutoff = mintime = now; + cutoff.tv_sec -= seconds; + + counts.reserve(g_rings.getNumberOfQueryEntries()); + + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->queryRing.lock(); + for(const auto& c : *rl) { + if(seconds && c.when < cutoff) + continue; + if(now < c.when) + continue; + T(counts, c); + if(c.when < mintime) + mintime = c.when; + } + } + + double delta = seconds ? seconds : DiffTime(now, mintime); + return filterScore(counts, delta, rate); +} + + +static counts_t exceedRCode(unsigned int rate, int seconds, int rcode) +{ + return exceedRespGen(rate, seconds, [rcode](counts_t& counts, const Rings::Response& r) + { + if(r.dh.rcode == rcode) + counts[r.requestor]++; + }); +} + +static counts_t exceedRespByterate(unsigned int rate, int seconds) +{ + return exceedRespGen(rate, seconds, [](counts_t& counts, const Rings::Response& r) + { + counts[r.requestor]+=r.size; + }); +} + +void setupLuaInspection(LuaContext& luaCtx) +{ + luaCtx.writeFunction("topClients", [](boost::optional top_) { + setLuaNoSideEffect(); + auto top = top_.get_value_or(10); + map counts; + unsigned int total=0; + { + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->queryRing.lock(); + for(const auto& c : *rl) { + counts[c.requestor]++; + total++; + } + } + } + vector> rcounts; + rcounts.reserve(counts.size()); + for(const auto& c : counts) + rcounts.emplace_back(c.second, c.first); + + sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a, + const decltype(rcounts)::value_type& b) { + return b.first < a.first; + }); + unsigned int count=1, rest=0; + boost::format fmt("%4d %-40s %4d %4.1f%%\n"); + for(const auto& rc : rcounts) { + if(count==top+1) + rest+=rc.first; + else + g_outputBuffer += (fmt % (count++) % rc.second.toString() % rc.first % (100.0*rc.first/total)).str(); + } + g_outputBuffer += (fmt % (count) % "Rest" % rest % (total > 0 ? 100.0*rest/total : 100.0)).str(); + }); + + luaCtx.writeFunction("getTopQueries", [](unsigned int top, boost::optional labels) { + setLuaNoSideEffect(); + map counts; + unsigned int total=0; + if(!labels) { + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->queryRing.lock(); + for(const auto& a : *rl) { + counts[a.name]++; + total++; + } + } + } + else { + unsigned int lab = *labels; + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->queryRing.lock(); + for(auto a : *rl) { + a.name.trimToLabels(lab); + counts[a.name]++; + total++; + } + } + } + // cout<<"Looked at "<> rcounts; + rcounts.reserve(counts.size()); + for(const auto& c : counts) + rcounts.emplace_back(c.second, c.first.makeLowerCase()); + + sort(rcounts.begin(), rcounts.end(), [](const decltype(rcounts)::value_type& a, + const decltype(rcounts)::value_type& b) { + return b.first < a.first; + }); + + std::unordered_map>> ret; + unsigned int count=1, rest=0; + for(const auto& rc : rcounts) { + if(count==top+1) + rest+=rc.first; + else + ret.insert({count++, {rc.second.toString(), rc.first, 100.0*rc.first/total}}); + } + + if (total > 0) { + ret.insert({count, {"Rest", rest, 100.0*rest/total}}); + } + else { + ret.insert({count, {"Rest", rest, 100.0}}); + } + + return ret; + + }); + + luaCtx.executeCode(R"(function topQueries(top, labels) top = top or 10; for k,v in ipairs(getTopQueries(top,labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2], v[3])) end end)"); + + luaCtx.writeFunction("getResponseRing", []() { + setLuaNoSideEffect(); + size_t totalEntries = 0; + std::vector> rings; + rings.reserve(g_rings.getNumberOfShards()); + for (const auto& shard : g_rings.d_shards) { + { + auto rl = shard->respRing.lock(); + rings.push_back(*rl); + } + totalEntries += rings.back().size(); + } + vector > > ret; + ret.reserve(totalEntries); + decltype(ret)::value_type item; + for (size_t idx = 0; idx < rings.size(); idx++) { + for(const auto& r : rings[idx]) { + item["name"]=r.name.toString(); + item["qtype"]=r.qtype; + item["rcode"]=r.dh.rcode; + item["usec"]=r.usec; + ret.push_back(item); + } + } + return ret; + }); + + luaCtx.writeFunction("getTopResponses", [](unsigned int top, unsigned int kind, boost::optional labels) { + return getGenResponses(top, labels, [kind](const Rings::Response& r) { return r.dh.rcode == kind; }); + }); + + luaCtx.executeCode(R"(function topResponses(top, kind, labels) top = top or 10; kind = kind or 0; for k,v in ipairs(getTopResponses(top, kind, labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)"); + + + luaCtx.writeFunction("getSlowResponses", [](unsigned int top, unsigned int msec, boost::optional labels) { + return getGenResponses(top, labels, [msec](const Rings::Response& r) { return r.usec > msec*1000; }); + }); + + + luaCtx.executeCode(R"(function topSlow(top, msec, labels) top = top or 10; msec = msec or 500; for k,v in ipairs(getSlowResponses(top, msec, labels)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)"); + + luaCtx.writeFunction("getTopBandwidth", [](unsigned int top) { + setLuaNoSideEffect(); + return g_rings.getTopBandwidth(top); + }); + + luaCtx.executeCode(R"(function topBandwidth(top) top = top or 10; for k,v in ipairs(getTopBandwidth(top)) do show(string.format("%4d %-40s %4d %4.1f%%",k,v[1],v[2],v[3])) end end)"); + + luaCtx.writeFunction("delta", []() { + setLuaNoSideEffect(); + // we hold the lua lock already! + for(const auto& d : g_confDelta) { + struct tm tm; + localtime_r(&d.first.tv_sec, &tm); + char date[80]; + strftime(date, sizeof(date)-1, "-- %a %b %d %Y %H:%M:%S %Z\n", &tm); + g_outputBuffer += date; + g_outputBuffer += d.second + "\n"; + } + }); + + luaCtx.writeFunction("grepq", [](boost::variant > > inp, boost::optional limit) { + setLuaNoSideEffect(); + boost::optional nm; + boost::optional dn; + int msec=-1; + + vector vec; + auto str=boost::get(&inp); + if(str) + vec.push_back(*str); + else { + auto v = boost::get > >(inp); + for(const auto& a: v) + vec.push_back(a.second); + } + + for(const auto& s : vec) { + try + { + nm = Netmask(s); + } + catch(...) { + if(boost::ends_with(s,"ms") && sscanf(s.c_str(), "%ums", &msec)) { + ; + } + else { + try { dn=DNSName(s); } + catch(...) + { + g_outputBuffer = "Could not parse '"+s+"' as domain name or netmask"; + return; + } + } + } + } + + std::vector qr; + std::vector rr; + qr.reserve(g_rings.getNumberOfQueryEntries()); + rr.reserve(g_rings.getNumberOfResponseEntries()); + for (const auto& shard : g_rings.d_shards) { + { + auto rl = shard->queryRing.lock(); + for (const auto& entry : *rl) { + qr.push_back(entry); + } + } + { + auto rl = shard->respRing.lock(); + for (const auto& entry : *rl) { + rr.push_back(entry); + } + } + } + + sort(qr.begin(), qr.end(), [](const decltype(qr)::value_type& a, const decltype(qr)::value_type& b) { + return b.when < a.when; + }); + + sort(rr.begin(), rr.end(), [](const decltype(rr)::value_type& a, const decltype(rr)::value_type& b) { + return b.when < a.when; + }); + + unsigned int num=0; + struct timespec now; + gettime(&now); + + std::multimap out; + + boost::format fmt("%-7.1f %-47s %-12s %-12s %-5d %-25s %-5s %-6.1f %-2s %-2s %-2s %-s\n"); + g_outputBuffer+= (fmt % "Time" % "Client" % "Protocol" % "Server" % "ID" % "Name" % "Type" % "Lat." % "TC" % "RD" % "AA" % "Rcode").str(); + + if(msec==-1) { + for(const auto& c : qr) { + bool nmmatch=true, dnmatch=true; + if (nm) { + nmmatch = nm->match(c.requestor); + } + if (dn) { + if (c.name.empty()) { + dnmatch = false; + } + else { + dnmatch = c.name.isPartOf(*dn); + } + } + if (nmmatch && dnmatch) { + QType qt(c.qtype); + std::string extra; + if (c.dh.opcode != 0) { + extra = " (" + Opcode::to_s(c.dh.opcode) + ")"; + } + out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % dnsdist::Protocol(c.protocol).toString() % "" % htons(c.dh.id) % c.name.toString() % qt.toString() % "" % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % ("Question" + extra)).str()); + + if(limit && *limit==++num) + break; + } + } + } + num=0; + + + string extra; + for(const auto& c : rr) { + bool nmmatch=true, dnmatch=true, msecmatch=true; + if (nm) { + nmmatch = nm->match(c.requestor); + } + if (dn) { + if (c.name.empty()) { + dnmatch = false; + } + else { + dnmatch = c.name.isPartOf(*dn); + } + } + if (msec != -1) { + msecmatch=(c.usec/1000 > (unsigned int)msec); + } + + if (nmmatch && dnmatch && msecmatch) { + QType qt(c.qtype); + if (!c.dh.rcode) { + extra=". " +std::to_string(htons(c.dh.ancount))+ " answers"; + } + else { + extra.clear(); + } + + if (c.usec != std::numeric_limits::max()) { + out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % dnsdist::Protocol(c.protocol).toString() % c.ds.toStringWithPort() % htons(c.dh.id) % c.name.toString() % qt.toString() % (c.usec / 1000.0) % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % (RCode::to_s(c.dh.rcode) + extra)).str()); + } + else { + out.emplace(c.when, (fmt % DiffTime(now, c.when) % c.requestor.toStringWithPort() % dnsdist::Protocol(c.protocol).toString() % c.ds.toStringWithPort() % htons(c.dh.id) % c.name.toString() % qt.toString() % "T.O" % (c.dh.tc ? "TC" : "") % (c.dh.rd ? "RD" : "") % (c.dh.aa ? "AA" : "") % (RCode::to_s(c.dh.rcode) + extra)).str()); + } + + if (limit && *limit == ++num) { + break; + } + } + } + + for(const auto& p : out) { + g_outputBuffer+=p.second; + } + }); + + luaCtx.writeFunction("showResponseLatency", []() { + setLuaNoSideEffect(); + map histo; + double bin=100; + for(int i=0; i < 15; ++i) { + histo[bin]; + bin*=2; + } + + double totlat=0; + unsigned int size=0; + { + for (const auto& shard : g_rings.d_shards) { + auto rl = shard->respRing.lock(); + for(const auto& r : *rl) { + /* skip actively discovered timeouts */ + if (r.usec == std::numeric_limits::max()) + continue; + + ++size; + auto iter = histo.lower_bound(r.usec); + if(iter != histo.end()) + iter->second++; + else + histo.rbegin()++; + totlat+=r.usec; + } + } + } + + if (size == 0) { + g_outputBuffer = "No traffic yet.\n"; + return; + } + + g_outputBuffer = (boost::format("Average response latency: %.02f msec\n") % (0.001*totlat/size)).str(); + double highest=0; + + for(auto iter = histo.cbegin(); iter != histo.cend(); ++iter) { + highest=std::max(highest, iter->second*1.0); + } + boost::format fmt("%7.2f\t%s\n"); + g_outputBuffer += (fmt % "msec" % "").str(); + + for(auto iter = histo.cbegin(); iter != histo.cend(); ++iter) { + int stars = (70.0 * iter->second/highest); + char c='*'; + if(!stars && iter->second) { + stars=1; // you get 1 . to show something is there.. + if(70.0*iter->second/highest > 0.5) + c=':'; + else + c='.'; + } + g_outputBuffer += (fmt % (iter->first/1000.0) % string(stars, c)).str(); + } + }); + + luaCtx.writeFunction("showTCPStats", [] { + setLuaNoSideEffect(); + ostringstream ret; + boost::format fmt("%-12d %-12d %-12d %-12d"); + ret << (fmt % "Workers" % "Max Workers" % "Queued" % "Max Queued") << endl; + ret << (fmt % g_tcpclientthreads->getThreadsCount() % (g_maxTCPClientThreads ? *g_maxTCPClientThreads : 0) % g_tcpclientthreads->getQueuedCount() % g_maxTCPQueuedConnections) << endl; + ret << endl; + + ret << "Frontends:" << endl; + fmt = boost::format("%-3d %-20.20s %-20d %-20d %-20d %-25d %-20d %-20d %-20d %-20f %-20f %-20d %-20d %-25d %-25d %-15d %-15d %-15d %-15d %-15d"); + ret << (fmt % "#" % "Address" % "Connections" % "Max concurrent conn" % "Died reading query" % "Died sending response" % "Gave up" % "Client timeouts" % "Downstream timeouts" % "Avg queries/conn" % "Avg duration" % "TLS new sessions" % "TLS Resumptions" % "TLS unknown ticket keys" % "TLS inactive ticket keys" % "TLS 1.0" % "TLS 1.1" % "TLS 1.2" % "TLS 1.3" % "TLS other") << endl; + + size_t counter = 0; + for(const auto& f : g_frontends) { + ret << (fmt % counter % f->local.toStringWithPort() % f->tcpCurrentConnections % f->tcpMaxConcurrentConnections % f->tcpDiedReadingQuery % f->tcpDiedSendingResponse % f->tcpGaveUp % f->tcpClientTimeouts % f->tcpDownstreamTimeouts % f->tcpAvgQueriesPerConnection % f->tcpAvgConnectionDuration % f->tlsNewSessions % f->tlsResumptions % f->tlsUnknownTicketKey % f->tlsInactiveTicketKey % f->tls10queries % f->tls11queries % f->tls12queries % f->tls13queries % f->tlsUnknownqueries) << endl; + ++counter; + } + ret << endl; + + ret << "Backends:" << endl; + fmt = boost::format("%-3d %-20.20s %-20.20s %-20d %-20d %-25d %-25d %-20d %-20d %-20d %-20d %-20d %-20d %-20d %-20f %-20f"); + ret << (fmt % "#" % "Name" % "Address" % "Connections" % "Max concurrent conn" % "Died sending query" % "Died reading response" % "Gave up" % "Read timeouts" % "Write timeouts" % "Connect timeouts" % "Total connections" % "Reused connections" % "TLS resumptions" % "Avg queries/conn" % "Avg duration") << endl; + + auto states = g_dstates.getLocal(); + counter = 0; + for(const auto& s : *states) { + ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % s->tcpCurrentConnections % s->tcpMaxConcurrentConnections % s->tcpDiedSendingQuery % s->tcpDiedReadingResponse % s->tcpGaveUp % s->tcpReadTimeouts % s->tcpWriteTimeouts % s->tcpConnectTimeouts % s->tcpNewConnections % s->tcpReusedConnections % s->tlsResumptions % s->tcpAvgQueriesPerConnection % s->tcpAvgConnectionDuration) << endl; + ++counter; + } + + g_outputBuffer=ret.str(); + }); + + luaCtx.writeFunction("showTLSErrorCounters", [] { + setLuaNoSideEffect(); + ostringstream ret; + boost::format fmt("%-3d %-20.20s %-23d %-23d %-23d %-23d %-23d %-23d %-23d %-23d"); + + ret << (fmt % "#" % "Address" % "DH key too small" % "Inappropriate fallback" % "No shared cipher" % "Unknown cipher type" % "Unknown exchange type" % "Unknown protocol" % "Unsupported EC" % "Unsupported protocol") << endl; + + size_t counter = 0; + for(const auto& f : g_frontends) { + if (!f->hasTLS()) { + continue; + } + const TLSErrorCounters* errorCounters = nullptr; + if (f->tlsFrontend != nullptr) { + errorCounters = &f->tlsFrontend->d_tlsCounters; + } + else if (f->dohFrontend != nullptr) { + errorCounters = &f->dohFrontend->d_tlsCounters; + } + if (errorCounters == nullptr) { + continue; + } + + ret << (fmt % counter % f->local.toStringWithPort() % errorCounters->d_dhKeyTooSmall % errorCounters->d_inappropriateFallBack % errorCounters->d_noSharedCipher % errorCounters->d_unknownCipherType % errorCounters->d_unknownKeyExchangeType % errorCounters->d_unknownProtocol % errorCounters->d_unsupportedEC % errorCounters->d_unsupportedProtocol) << endl; + ++counter; + } + ret << endl; + + g_outputBuffer=ret.str(); + }); + + luaCtx.writeFunction("requestTCPStatesDump", [] { + setLuaNoSideEffect(); + extern std::atomic g_tcpStatesDumpRequested; + g_tcpStatesDumpRequested += g_tcpclientthreads->getThreadsCount(); + }); + + luaCtx.writeFunction("requestDoHStatesDump", [] { + setLuaNoSideEffect(); + g_dohStatesDumpRequested += g_dohClientThreads->getThreadsCount(); + }); + + luaCtx.writeFunction("dumpStats", [] { + setLuaNoSideEffect(); + vector leftcolumn, rightcolumn; + + boost::format fmt("%-35s\t%+11s"); + g_outputBuffer.clear(); + auto entries = g_stats.entries; + sort(entries.begin(), entries.end(), + [](const decltype(entries)::value_type& a, const decltype(entries)::value_type& b) { + return a.first < b.first; + }); + boost::format flt(" %9.1f"); + for(const auto& e : entries) { + string second; + if(const auto& val = boost::get(&e.second)) + second=std::to_string((*val)->load()); + else if (const auto& dval = boost::get(&e.second)) + second=(flt % (**dval)).str(); + else + second=std::to_string((*boost::get(&e.second))(e.first)); + + if(leftcolumn.size() < g_stats.entries.size()/2) + leftcolumn.push_back((fmt % e.first % second).str()); + else + rightcolumn.push_back((fmt % e.first % second).str()); + } + + auto leftiter=leftcolumn.begin(), rightiter=rightcolumn.begin(); + boost::format clmn("%|0t|%1% %|51t|%2%\n"); + + for(;leftiter != leftcolumn.end() || rightiter != rightcolumn.end();) { + string lentry, rentry; + if(leftiter!= leftcolumn.end()) { + lentry = *leftiter; + leftiter++; + } + if(rightiter!= rightcolumn.end()) { + rentry = *rightiter; + rightiter++; + } + g_outputBuffer += (clmn % lentry % rentry).str(); + } + }); + + luaCtx.writeFunction("exceedServFails", [](unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedRCode(rate, seconds, RCode::ServFail); + }); + luaCtx.writeFunction("exceedNXDOMAINs", [](unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedRCode(rate, seconds, RCode::NXDomain); + }); + + luaCtx.writeFunction("exceedRespByterate", [](unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedRespByterate(rate, seconds); + }); + + luaCtx.writeFunction("exceedQTypeRate", [](uint16_t type, unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedQueryGen(rate, seconds, [type](counts_t& counts, const Rings::Query& q) { + if(q.qtype==type) + counts[q.requestor]++; + }); + }); + + luaCtx.writeFunction("exceedQRate", [](unsigned int rate, int seconds) { + setLuaNoSideEffect(); + return exceedQueryGen(rate, seconds, [](counts_t& counts, const Rings::Query& q) { + counts[q.requestor]++; + }); + }); + + luaCtx.writeFunction("getRespRing", getRespRing); + + /* StatNode */ + luaCtx.registerFunction("numChildren", + [](StatNode& sn) -> unsigned int { + return sn.children.size(); + } ); + luaCtx.registerMember("fullname", &StatNode::fullname); + luaCtx.registerMember("labelsCount", &StatNode::labelsCount); + luaCtx.registerMember("servfails", &StatNode::Stat::servfails); + luaCtx.registerMember("nxdomains", &StatNode::Stat::nxdomains); + luaCtx.registerMember("queries", &StatNode::Stat::queries); + luaCtx.registerMember("noerrors", &StatNode::Stat::noerrors); + luaCtx.registerMember("drops", &StatNode::Stat::drops); + luaCtx.registerMember("bytes", &StatNode::Stat::bytes); + + luaCtx.writeFunction("statNodeRespRing", [](statvisitor_t visitor, boost::optional seconds) { + statNodeRespRing(visitor, seconds ? *seconds : 0); + }); + + /* DynBlockRulesGroup */ + luaCtx.writeFunction("dynBlockRulesGroup", []() { return std::make_shared(); }); + luaCtx.registerFunction::*)(unsigned int, unsigned int, const std::string&, unsigned int, boost::optional, boost::optional)>("setQueryRate", [](std::shared_ptr& group, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, boost::optional warningRate) { + if (group) { + group->setQueryRate(rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None); + } + }); + luaCtx.registerFunction::*)(unsigned int, unsigned int, const std::string&, unsigned int, boost::optional, boost::optional)>("setResponseByteRate", [](std::shared_ptr& group, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, boost::optional warningRate) { + if (group) { + group->setResponseByteRate(rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None); + } + }); + luaCtx.registerFunction::*)(unsigned int, const std::string&, unsigned int, boost::optional, DynBlockRulesGroup::smtVisitor_t)>("setSuffixMatchRule", [](std::shared_ptr& group, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, DynBlockRulesGroup::smtVisitor_t visitor) { + if (group) { + group->setSuffixMatchRule(seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, visitor); + } + }); + luaCtx.registerFunction::*)(unsigned int, const std::string&, unsigned int, boost::optional, dnsdist_ffi_stat_node_visitor_t)>("setSuffixMatchRuleFFI", [](std::shared_ptr& group, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, dnsdist_ffi_stat_node_visitor_t visitor) { + if (group) { + group->setSuffixMatchRuleFFI(seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, visitor); + } + }); + luaCtx.registerFunction::*)(uint8_t, unsigned int, unsigned int, const std::string&, unsigned int, boost::optional, boost::optional)>("setRCodeRate", [](std::shared_ptr& group, uint8_t rcode, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, boost::optional warningRate) { + if (group) { + group->setRCodeRate(rcode, rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None); + } + }); + luaCtx.registerFunction::*)(uint8_t, double, unsigned int, const std::string&, unsigned int, size_t, boost::optional, boost::optional)>("setRCodeRatio", [](std::shared_ptr& group, uint8_t rcode, double ratio, unsigned int seconds, const std::string& reason, unsigned int blockDuration, size_t minimumNumberOfResponses, boost::optional action, boost::optional warningRatio) { + if (group) { + group->setRCodeRatio(rcode, ratio, warningRatio ? *warningRatio : 0.0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None, minimumNumberOfResponses); + } + }); + luaCtx.registerFunction::*)(uint16_t, unsigned int, unsigned int, const std::string&, unsigned int, boost::optional, boost::optional)>("setQTypeRate", [](std::shared_ptr& group, uint16_t qtype, unsigned int rate, unsigned int seconds, const std::string& reason, unsigned int blockDuration, boost::optional action, boost::optional warningRate) { + if (group) { + group->setQTypeRate(qtype, rate, warningRate ? *warningRate : 0, seconds, reason, blockDuration, action ? *action : DNSAction::Action::None); + } + }); + luaCtx.registerFunction::*)(uint8_t, uint8_t, uint8_t)>("setMasks", [](std::shared_ptr& group, uint8_t v4, uint8_t v6, uint8_t port) { + if (group) { + if (v4 > 32) { + throw std::runtime_error("Trying to set an invalid IPv4 mask (" + std::to_string(v4) + ") to a Dynamic Block object"); + } + if (v6 > 128) { + throw std::runtime_error("Trying to set an invalid IPv6 mask (" + std::to_string(v6) + ") to a Dynamic Block object"); + } + if (port > 16) { + throw std::runtime_error("Trying to set an invalid port mask (" + std::to_string(port) + ") to a Dynamic Block object"); + } + if (port > 0 && v4 != 32) { + throw std::runtime_error("Setting a non-zero port mask for Dynamic Blocks while only considering parts of IPv4 addresses does not make sense"); + } + group->setMasks(v4, v6, port); + } + }); + luaCtx.registerFunction::*)(boost::variant>, NetmaskGroup>)>("excludeRange", [](std::shared_ptr& group, boost::variant>, NetmaskGroup> ranges) { + if (ranges.type() == typeid(std::vector>)) { + for (const auto& range : *boost::get>>(&ranges)) { + group->excludeRange(Netmask(range.second)); + } + } + else if (ranges.type() == typeid(NetmaskGroup)) { + group->excludeRange(*boost::get(&ranges)); + } + else { + group->excludeRange(Netmask(*boost::get(&ranges))); + } + }); + luaCtx.registerFunction::*)(boost::variant>, NetmaskGroup>)>("includeRange", [](std::shared_ptr& group, boost::variant>, NetmaskGroup> ranges) { + if (ranges.type() == typeid(std::vector>)) { + for (const auto& range : *boost::get>>(&ranges)) { + group->includeRange(Netmask(range.second)); + } + } + else if (ranges.type() == typeid(NetmaskGroup)) { + group->includeRange(*boost::get(&ranges)); + } + else { + group->includeRange(Netmask(*boost::get(&ranges))); + } + }); + luaCtx.registerFunction::*)(boost::variant>>)>("excludeDomains", [](std::shared_ptr& group, boost::variant>> domains) { + if (domains.type() == typeid(std::vector>)) { + for (const auto& range : *boost::get>>(&domains)) { + group->excludeDomain(DNSName(range.second)); + } + } + else { + group->excludeDomain(DNSName(*boost::get(&domains))); + } + }); + luaCtx.registerFunction::*)()>("apply", [](std::shared_ptr& group) { + group->apply(); + }); + luaCtx.registerFunction("setQuiet", &DynBlockRulesGroup::setQuiet); + luaCtx.registerFunction("toString", &DynBlockRulesGroup::toString); +} diff --git a/dnsdist-lua-rules.cc b/dnsdist-lua-rules.cc new file mode 100644 index 0000000..19eec4c --- /dev/null +++ b/dnsdist-lua-rules.cc @@ -0,0 +1,621 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-rules.hh" + +std::shared_ptr makeRule(const luadnsrule_t& var) +{ + if (var.type() == typeid(std::shared_ptr)) + return *boost::get>(&var); + + SuffixMatchNode smn; + NetmaskGroup nmg; + auto add=[&](string src) { + try { + nmg.addMask(src); // need to try mask first, all masks are domain names! + } catch(...) { + smn.add(DNSName(src)); + } + }; + + if (var.type() == typeid(string)) + add(*boost::get(&var)); + + else if (var.type() == typeid(vector>)) + for(const auto& a : *boost::get>>(&var)) + add(a.second); + + else if (var.type() == typeid(DNSName)) + smn.add(*boost::get(&var)); + + else if (var.type() == typeid(vector>)) + for(const auto& a : *boost::get>>(&var)) + smn.add(a.second); + + if(nmg.empty()) + return std::make_shared(smn); + else + return std::make_shared(nmg, true); +} + +static boost::uuids::uuid makeRuleID(std::string& id) +{ + if (id.empty()) { + return getUniqueID(); + } + + return getUniqueID(id); +} + +void parseRuleParams(boost::optional params, boost::uuids::uuid& uuid, std::string& name, uint64_t& creationOrder) +{ + static uint64_t s_creationOrder = 0; + + string uuidStr; + + if (params) { + if (params->count("uuid")) { + uuidStr = boost::get((*params)["uuid"]); + } + if (params->count("name")) { + name = boost::get((*params)["name"]); + } + } + + uuid = makeRuleID(uuidStr); + creationOrder = s_creationOrder++; +} + +typedef std::unordered_map > > > ruleparams_t; + +template +static std::string rulesToString(const std::vector& rules, boost::optional vars) +{ + int num = 0; + bool showUUIDs = false; + size_t truncateRuleWidth = string::npos; + std::string result; + + if (vars) { + if (vars->count("showUUIDs")) { + showUUIDs = boost::get((*vars)["showUUIDs"]); + } + if (vars->count("truncateRuleWidth")) { + truncateRuleWidth = boost::get((*vars)["truncateRuleWidth"]); + } + } + + if (showUUIDs) { + boost::format fmt("%-3d %-30s %-38s %9d %9d %-56s %s\n"); + result += (fmt % "#" % "Name" % "UUID" % "Cr. Order" % "Matches" % "Rule" % "Action").str(); + for(const auto& lim : rules) { + string desc = lim.d_rule->toString().substr(0, truncateRuleWidth); + result += (fmt % num % lim.d_name % boost::uuids::to_string(lim.d_id) % lim.d_creationOrder % lim.d_rule->d_matches % desc % lim.d_action->toString()).str(); + ++num; + } + } + else { + boost::format fmt("%-3d %-30s %9d %-56s %s\n"); + result += (fmt % "#" % "Name" % "Matches" % "Rule" % "Action").str(); + for(const auto& lim : rules) { + string desc = lim.d_rule->toString().substr(0, truncateRuleWidth); + result += (fmt % num % lim.d_name % lim.d_rule->d_matches % desc % lim.d_action->toString()).str(); + ++num; + } + } + return result; +} + +template +static void showRules(GlobalStateHolder > *someRuleActions, boost::optional vars) { + setLuaNoSideEffect(); + + auto rules = someRuleActions->getLocal(); + g_outputBuffer += rulesToString(*rules, vars); +} + +template +static void rmRule(GlobalStateHolder > *someRuleActions, boost::variant id) { + setLuaSideEffect(); + auto rules = someRuleActions->getCopy(); + if (auto str = boost::get(&id)) { + try { + const auto uuid = getUniqueID(*str); + if (rules.erase(std::remove_if(rules.begin(), + rules.end(), + [uuid](const T& a) { return a.d_id == uuid; }), + rules.end()) == rules.end()) { + g_outputBuffer = "Error: no rule matched\n"; + return; + } + } + catch (const std::runtime_error& e) { + /* it was not an UUID, let's see if it was a name instead */ + if (rules.erase(std::remove_if(rules.begin(), + rules.end(), + [&str](const T& a) { return a.d_name == *str; }), + rules.end()) == rules.end()) { + g_outputBuffer = "Error: no rule matched\n"; + return; + } + } + } + else if (auto pos = boost::get(&id)) { + if (*pos >= rules.size()) { + g_outputBuffer = "Error: attempt to delete non-existing rule\n"; + return; + } + rules.erase(rules.begin()+*pos); + } + someRuleActions->setState(std::move(rules)); +} + +template +static void moveRuleToTop(GlobalStateHolder > *someRuleActions) { + setLuaSideEffect(); + auto rules = someRuleActions->getCopy(); + if(rules.empty()) + return; + auto subject = *rules.rbegin(); + rules.erase(std::prev(rules.end())); + rules.insert(rules.begin(), subject); + someRuleActions->setState(std::move(rules)); +} + +template +static void mvRule(GlobalStateHolder > *someRespRuleActions, unsigned int from, unsigned int to) { + setLuaSideEffect(); + auto rules = someRespRuleActions->getCopy(); + if(from >= rules.size() || to > rules.size()) { + g_outputBuffer = "Error: attempt to move rules from/to invalid index\n"; + return; + } + auto subject = rules[from]; + rules.erase(rules.begin()+from); + if(to > rules.size()) + rules.push_back(subject); + else { + if(from < to) + --to; + rules.insert(rules.begin()+to, subject); + } + someRespRuleActions->setState(std::move(rules)); +} + +template +static std::vector getTopRules(const std::vector& rules, unsigned int top) +{ + std::vector> counts; + counts.reserve(rules.size()); + + size_t pos = 0; + for (const auto& rule : rules) { + counts.push_back({rule.d_rule->d_matches.load(), pos}); + pos++; + } + + sort(counts.begin(), counts.end(), [](const decltype(counts)::value_type& a, + const decltype(counts)::value_type& b) { + return b.first < a.first; + }); + + std::vector results; + results.reserve(top); + + size_t count = 0; + for (const auto& entry : counts) { + results.emplace_back(rules.at(entry.second)); + ++count; + if (count == top) { + break; + } + } + + return results; +} + +void setupLuaRules(LuaContext& luaCtx) +{ + luaCtx.writeFunction("makeRule", makeRule); + + luaCtx.registerFunction::*)()const>("toString", [](const std::shared_ptr& rule) { return rule->toString(); }); + + luaCtx.writeFunction("showResponseRules", [](boost::optional vars) { + showRules(&g_respruleactions, vars); + }); + + luaCtx.writeFunction("rmResponseRule", [](boost::variant id) { + rmRule(&g_respruleactions, id); + }); + + luaCtx.writeFunction("mvResponseRuleToTop", []() { + moveRuleToTop(&g_respruleactions); + }); + + luaCtx.writeFunction("mvResponseRule", [](unsigned int from, unsigned int to) { + mvRule(&g_respruleactions, from, to); + }); + + luaCtx.writeFunction("showCacheHitResponseRules", [](boost::optional vars) { + showRules(&g_cachehitrespruleactions, vars); + }); + + luaCtx.writeFunction("rmCacheHitResponseRule", [](boost::variant id) { + rmRule(&g_cachehitrespruleactions, id); + }); + + luaCtx.writeFunction("mvCacheHitResponseRuleToTop", []() { + moveRuleToTop(&g_cachehitrespruleactions); + }); + + luaCtx.writeFunction("mvCacheHitResponseRule", [](unsigned int from, unsigned int to) { + mvRule(&g_cachehitrespruleactions, from, to); + }); + + luaCtx.writeFunction("showSelfAnsweredResponseRules", [](boost::optional vars) { + showRules(&g_selfansweredrespruleactions, vars); + }); + + luaCtx.writeFunction("rmSelfAnsweredResponseRule", [](boost::variant id) { + rmRule(&g_selfansweredrespruleactions, id); + }); + + luaCtx.writeFunction("mvSelfAnsweredResponseRuleToTop", []() { + moveRuleToTop(&g_selfansweredrespruleactions); + }); + + luaCtx.writeFunction("mvSelfAnsweredResponseRule", [](unsigned int from, unsigned int to) { + mvRule(&g_selfansweredrespruleactions, from, to); + }); + + luaCtx.writeFunction("rmRule", [](boost::variant id) { + rmRule(&g_ruleactions, id); + }); + + luaCtx.writeFunction("mvRuleToTop", []() { + moveRuleToTop(&g_ruleactions); + }); + + luaCtx.writeFunction("mvRule", [](unsigned int from, unsigned int to) { + mvRule(&g_ruleactions, from, to); + }); + + luaCtx.writeFunction("clearRules", []() { + setLuaSideEffect(); + g_ruleactions.modify([](decltype(g_ruleactions)::value_type& ruleactions) { + ruleactions.clear(); + }); + }); + + luaCtx.writeFunction("setRules", [](const std::vector>>& newruleactions) { + setLuaSideEffect(); + g_ruleactions.modify([newruleactions](decltype(g_ruleactions)::value_type& gruleactions) { + gruleactions.clear(); + for (const auto& pair : newruleactions) { + const auto& newruleaction = pair.second; + if (newruleaction->d_action) { + auto rule = makeRule(newruleaction->d_rule); + gruleactions.push_back({std::move(rule), newruleaction->d_action, newruleaction->d_name, newruleaction->d_id, newruleaction->d_creationOrder}); + } + } + }); + }); + + luaCtx.writeFunction("getTopRules", [](boost::optional top) { + setLuaNoSideEffect(); + auto rules = g_ruleactions.getLocal(); + return getTopRules(*rules, top.get_value_or(10)); + }); + + luaCtx.writeFunction("topRules", [](boost::optional top, boost::optional vars) { + setLuaNoSideEffect(); + auto rules = g_ruleactions.getLocal(); + return rulesToString(getTopRules(*rules, top.get_value_or(10)), vars); + }); + + luaCtx.writeFunction("getCacheHitResponseRules", [](boost::optional top) { + setLuaNoSideEffect(); + auto rules = g_cachehitrespruleactions.getLocal(); + return getTopRules(*rules, top.get_value_or(10)); + }); + + luaCtx.writeFunction("topCacheHitRules", [](boost::optional top, boost::optional vars) { + setLuaNoSideEffect(); + auto rules = g_cachehitrespruleactions.getLocal(); + return rulesToString(getTopRules(*rules, top.get_value_or(10)), vars); + }); + + luaCtx.writeFunction("getTopResponseRules", [](boost::optional top) { + setLuaNoSideEffect(); + auto rules = g_respruleactions.getLocal(); + return getTopRules(*rules, top.get_value_or(10)); + }); + + luaCtx.writeFunction("topResponseRules", [](boost::optional top, boost::optional vars) { + setLuaNoSideEffect(); + auto rules = g_respruleactions.getLocal(); + return rulesToString(getTopRules(*rules, top.get_value_or(10)), vars); + }); + + luaCtx.writeFunction("getTopSelfAnsweredResponseRules", [](boost::optional top) { + setLuaNoSideEffect(); + auto rules = g_selfansweredrespruleactions.getLocal(); + return getTopRules(*rules, top.get_value_or(10)); + }); + + luaCtx.writeFunction("topSelfAnsweredResponseRules", [](boost::optional top, boost::optional vars) { + setLuaNoSideEffect(); + auto rules = g_selfansweredrespruleactions.getLocal(); + return rulesToString(getTopRules(*rules, top.get_value_or(10)), vars); + }); + + luaCtx.writeFunction("MaxQPSIPRule", [](unsigned int qps, boost::optional ipv4trunc, boost::optional ipv6trunc, boost::optional burst, boost::optional expiration, boost::optional cleanupDelay, boost::optional scanFraction) { + return std::shared_ptr(new MaxQPSIPRule(qps, burst.get_value_or(qps), ipv4trunc.get_value_or(32), ipv6trunc.get_value_or(64), expiration.get_value_or(300), cleanupDelay.get_value_or(60), scanFraction.get_value_or(10))); + }); + + luaCtx.writeFunction("MaxQPSRule", [](unsigned int qps, boost::optional burst) { + if(!burst) + return std::shared_ptr(new MaxQPSRule(qps)); + else + return std::shared_ptr(new MaxQPSRule(qps, *burst)); + }); + + luaCtx.writeFunction("RegexRule", [](const std::string& str) { + return std::shared_ptr(new RegexRule(str)); + }); + +#ifdef HAVE_DNS_OVER_HTTPS + luaCtx.writeFunction("HTTPHeaderRule", [](const std::string& header, const std::string& regex) { + return std::shared_ptr(new HTTPHeaderRule(header, regex)); + }); + luaCtx.writeFunction("HTTPPathRule", [](const std::string& path) { + return std::shared_ptr(new HTTPPathRule(path)); + }); + luaCtx.writeFunction("HTTPPathRegexRule", [](const std::string& regex) { + return std::shared_ptr(new HTTPPathRegexRule(regex)); + }); +#endif + +#ifdef HAVE_RE2 + luaCtx.writeFunction("RE2Rule", [](const std::string& str) { + return std::shared_ptr(new RE2Rule(str)); + }); +#endif + + luaCtx.writeFunction("SNIRule", [](const std::string& name) { + return std::shared_ptr(new SNIRule(name)); + }); + + luaCtx.writeFunction("SuffixMatchNodeRule", [](const SuffixMatchNode& smn, boost::optional quiet) { + return std::shared_ptr(new SuffixMatchNodeRule(smn, quiet ? *quiet : false)); + }); + + luaCtx.writeFunction("NetmaskGroupRule", [](const NetmaskGroup& nmg, boost::optional src, boost::optional quiet) { + return std::shared_ptr(new NetmaskGroupRule(nmg, src ? *src : true, quiet ? *quiet : false)); + }); + + luaCtx.writeFunction("benchRule", [](std::shared_ptr rule, boost::optional times_, boost::optional suffix_) { + setLuaNoSideEffect(); + int times = times_.get_value_or(100000); + DNSName suffix(suffix_.get_value_or("powerdns.com")); + struct item { + PacketBuffer packet; + ComboAddress rem; + DNSName qname; + uint16_t qtype, qclass; + }; + vector items; + items.reserve(1000); + for(int n=0; n < 1000; ++n) { + struct item i; + i.qname=DNSName(std::to_string(random())); + i.qname += suffix; + i.qtype = random() % 0xff; + i.qclass = 1; + i.rem=ComboAddress("127.0.0.1"); + i.rem.sin4.sin_addr.s_addr = random(); + GenericDNSPacketWriter pw(i.packet, i.qname, i.qtype); + items.push_back(i); + } + + int matches=0; + ComboAddress dummy("127.0.0.1"); + StopWatch sw; + sw.start(); + for(int n=0; n < times; ++n) { + item& i = items[n % items.size()]; + DNSQuestion dq(&i.qname, i.qtype, i.qclass, &i.rem, &i.rem, i.packet, dnsdist::Protocol::DoUDP, &sw.d_start); + if (rule->matches(&dq)) { + matches++; + } + } + double udiff=sw.udiff(); + g_outputBuffer=(boost::format("Had %d matches out of %d, %.1f qps, in %.1f usec\n") % matches % times % (1000000*(1.0*times/udiff)) % udiff).str(); + + }); + + luaCtx.writeFunction("AllRule", []() { + return std::shared_ptr(new AllRule()); + }); + + luaCtx.writeFunction("ProbaRule", [](double proba) { + return std::shared_ptr(new ProbaRule(proba)); + }); + + luaCtx.writeFunction("QNameRule", [](const std::string& qname) { + return std::shared_ptr(new QNameRule(DNSName(qname))); + }); + + luaCtx.writeFunction("QTypeRule", [](boost::variant str) { + uint16_t qtype; + if(auto dir = boost::get(&str)) { + qtype = *dir; + } + else { + string val=boost::get(str); + qtype = QType::chartocode(val.c_str()); + if(!qtype) + throw std::runtime_error("Unable to convert '"+val+"' to a DNS type"); + } + return std::shared_ptr(new QTypeRule(qtype)); + }); + + luaCtx.writeFunction("QClassRule", [](int c) { + return std::shared_ptr(new QClassRule(c)); + }); + + luaCtx.writeFunction("OpcodeRule", [](uint8_t code) { + return std::shared_ptr(new OpcodeRule(code)); + }); + + luaCtx.writeFunction("AndRule", [](vector > >a) { + return std::shared_ptr(new AndRule(a)); + }); + + luaCtx.writeFunction("OrRule", [](vector > >a) { + return std::shared_ptr(new OrRule(a)); + }); + + luaCtx.writeFunction("DSTPortRule", [](uint16_t port) { + return std::shared_ptr(new DSTPortRule(port)); + }); + + luaCtx.writeFunction("TCPRule", [](bool tcp) { + return std::shared_ptr(new TCPRule(tcp)); + }); + + luaCtx.writeFunction("DNSSECRule", []() { + return std::shared_ptr(new DNSSECRule()); + }); + + luaCtx.writeFunction("NotRule", [](std::shared_ptrrule) { + return std::shared_ptr(new NotRule(rule)); + }); + + luaCtx.writeFunction("RecordsCountRule", [](uint8_t section, uint16_t minCount, uint16_t maxCount) { + return std::shared_ptr(new RecordsCountRule(section, minCount, maxCount)); + }); + + luaCtx.writeFunction("RecordsTypeCountRule", [](uint8_t section, uint16_t type, uint16_t minCount, uint16_t maxCount) { + return std::shared_ptr(new RecordsTypeCountRule(section, type, minCount, maxCount)); + }); + + luaCtx.writeFunction("TrailingDataRule", []() { + return std::shared_ptr(new TrailingDataRule()); + }); + + luaCtx.writeFunction("QNameLabelsCountRule", [](unsigned int minLabelsCount, unsigned int maxLabelsCount) { + return std::shared_ptr(new QNameLabelsCountRule(minLabelsCount, maxLabelsCount)); + }); + + luaCtx.writeFunction("QNameWireLengthRule", [](size_t min, size_t max) { + return std::shared_ptr(new QNameWireLengthRule(min, max)); + }); + + luaCtx.writeFunction("RCodeRule", [](uint8_t rcode) { + return std::shared_ptr(new RCodeRule(rcode)); + }); + + luaCtx.writeFunction("ERCodeRule", [](uint8_t rcode) { + return std::shared_ptr(new ERCodeRule(rcode)); + }); + + luaCtx.writeFunction("EDNSVersionRule", [](uint8_t version) { + return std::shared_ptr(new EDNSVersionRule(version)); + }); + + luaCtx.writeFunction("EDNSOptionRule", [](uint16_t optcode) { + return std::shared_ptr(new EDNSOptionRule(optcode)); + }); + + luaCtx.writeFunction("showRules", [](boost::optional vars) { + showRules(&g_ruleactions, vars); + }); + + luaCtx.writeFunction("RDRule", []() { + return std::shared_ptr(new RDRule()); + }); + + luaCtx.writeFunction("TagRule", [](std::string tag, boost::optional value) { + return std::shared_ptr(new TagRule(tag, value)); + }); + + luaCtx.writeFunction("TimedIPSetRule", []() { + return std::shared_ptr(new TimedIPSetRule()); + }); + + luaCtx.writeFunction("PoolAvailableRule", [](std::string poolname) { + return std::shared_ptr(new PoolAvailableRule(poolname)); + }); + + luaCtx.writeFunction("PoolOutstandingRule", [](std::string poolname, size_t limit) { + return std::shared_ptr(new PoolOutstandingRule(poolname, limit)); + }); + + luaCtx.registerFunction::*)()>("clear", [](std::shared_ptr tisr) { + tisr->clear(); + }); + + luaCtx.registerFunction::*)()>("cleanup", [](std::shared_ptr tisr) { + tisr->cleanup(); + }); + + luaCtx.registerFunction::*)(const ComboAddress& ca, int t)>("add", [](std::shared_ptr tisr, const ComboAddress& ca, int t) { + tisr->add(ca, time(0)+t); + }); + + luaCtx.registerFunction(std::shared_ptr::*)()>("slice", [](std::shared_ptr tisr) { + return std::dynamic_pointer_cast(tisr); + }); + luaCtx.registerFunction::*)()>("__tostring", [](std::shared_ptr tisr) { + tisr->toString(); + }); + + luaCtx.writeFunction("QNameSetRule", [](const DNSNameSet& names) { + return std::shared_ptr(new QNameSetRule(names)); + }); + + luaCtx.writeFunction("KeyValueStoreLookupRule", [](std::shared_ptr& kvs, std::shared_ptr& lookupKey) { + return std::shared_ptr(new KeyValueStoreLookupRule(kvs, lookupKey)); + }); + + luaCtx.writeFunction("KeyValueStoreRangeLookupRule", [](std::shared_ptr& kvs, std::shared_ptr& lookupKey) { + return std::shared_ptr(new KeyValueStoreRangeLookupRule(kvs, lookupKey)); + }); + + luaCtx.writeFunction("LuaRule", [](LuaRule::func_t func) { + return std::shared_ptr(new LuaRule(func)); + }); + + luaCtx.writeFunction("LuaFFIRule", [](LuaFFIRule::func_t func) { + return std::shared_ptr(new LuaFFIRule(func)); + }); + + luaCtx.writeFunction("LuaFFIPerThreadRule", [](std::string code) { + return std::shared_ptr(new LuaFFIPerThreadRule(code)); + }); + + luaCtx.writeFunction("ProxyProtocolValueRule", [](uint8_t type, boost::optional value) { + return std::shared_ptr(new ProxyProtocolValueRule(type, value)); + }); +} diff --git a/dnsdist-lua-vars.cc b/dnsdist-lua-vars.cc new file mode 100644 index 0000000..82c4a8e --- /dev/null +++ b/dnsdist-lua-vars.cc @@ -0,0 +1,126 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist.hh" +#include "dnsdist-lua.hh" +#include "ednsoptions.hh" + +#undef BADSIG // signal.h SIG_ERR + +void setupLuaVars(LuaContext& luaCtx) +{ + luaCtx.writeVariable("DNSAction", std::unordered_map{ + {"Drop", (int)DNSAction::Action::Drop}, + {"Nxdomain", (int)DNSAction::Action::Nxdomain}, + {"Refused", (int)DNSAction::Action::Refused}, + {"Spoof", (int)DNSAction::Action::Spoof}, + {"SpoofRaw", (int)DNSAction::Action::SpoofRaw}, + {"Allow", (int)DNSAction::Action::Allow}, + {"HeaderModify", (int)DNSAction::Action::HeaderModify}, + {"Pool", (int)DNSAction::Action::Pool}, + {"None",(int)DNSAction::Action::None}, + {"NoOp",(int)DNSAction::Action::NoOp}, + {"Delay", (int)DNSAction::Action::Delay}, + {"Truncate", (int)DNSAction::Action::Truncate}, + {"ServFail", (int)DNSAction::Action::ServFail}, + {"NoRecurse", (int)DNSAction::Action::NoRecurse} + }); + + luaCtx.writeVariable("DNSResponseAction", std::unordered_map{ + {"Allow", (int)DNSResponseAction::Action::Allow }, + {"Delay", (int)DNSResponseAction::Action::Delay }, + {"Drop", (int)DNSResponseAction::Action::Drop }, + {"HeaderModify", (int)DNSResponseAction::Action::HeaderModify }, + {"ServFail", (int)DNSResponseAction::Action::ServFail }, + {"None", (int)DNSResponseAction::Action::None } + }); + + luaCtx.writeVariable("DNSClass", std::unordered_map{ + {"IN", QClass::IN }, + {"CHAOS", QClass::CHAOS }, + {"NONE", QClass::NONE }, + {"ANY", QClass::ANY } + }); + + luaCtx.writeVariable("DNSOpcode", std::unordered_map{ + {"Query", Opcode::Query }, + {"IQuery", Opcode::IQuery }, + {"Status", Opcode::Status }, + {"Notify", Opcode::Notify }, + {"Update", Opcode::Update } + }); + + luaCtx.writeVariable("DNSSection", std::unordered_map{ + {"Question", 0 }, + {"Answer", 1 }, + {"Authority", 2 }, + {"Additional",3 } + }); + + luaCtx.writeVariable("EDNSOptionCode", std::unordered_map{ + {"NSID", EDNSOptionCode::NSID }, + {"DAU", EDNSOptionCode::DAU }, + {"DHU", EDNSOptionCode::DHU }, + {"N3U", EDNSOptionCode::N3U }, + {"ECS", EDNSOptionCode::ECS }, + {"EXPIRE", EDNSOptionCode::EXPIRE }, + {"COOKIE", EDNSOptionCode::COOKIE }, + {"TCPKEEPALIVE", EDNSOptionCode::TCPKEEPALIVE }, + {"PADDING", EDNSOptionCode::PADDING }, + {"CHAIN", EDNSOptionCode::CHAIN }, + {"KEYTAG", EDNSOptionCode::KEYTAG } + }); + + luaCtx.writeVariable("DNSRCode", std::unordered_map{ + {"NOERROR", RCode::NoError }, + {"FORMERR", RCode::FormErr }, + {"SERVFAIL", RCode::ServFail }, + {"NXDOMAIN", RCode::NXDomain }, + {"NOTIMP", RCode::NotImp }, + {"REFUSED", RCode::Refused }, + {"YXDOMAIN", RCode::YXDomain }, + {"YXRRSET", RCode::YXRRSet }, + {"NXRRSET", RCode::NXRRSet }, + {"NOTAUTH", RCode::NotAuth }, + {"NOTZONE", RCode::NotZone }, + {"BADVERS", ERCode::BADVERS }, + {"BADSIG", ERCode::BADSIG }, + {"BADKEY", ERCode::BADKEY }, + {"BADTIME", ERCode::BADTIME }, + {"BADMODE", ERCode::BADMODE }, + {"BADNAME", ERCode::BADNAME }, + {"BADALG", ERCode::BADALG }, + {"BADTRUNC", ERCode::BADTRUNC }, + {"BADCOOKIE",ERCode::BADCOOKIE } + }); + + vector > dd; + for(const auto& n : QType::names) + dd.push_back({n.first, n.second}); + luaCtx.writeVariable("DNSQType", dd); + +#ifdef HAVE_DNSCRYPT + luaCtx.writeVariable("DNSCryptExchangeVersion", std::unordered_map{ + { "VERSION1", DNSCryptExchangeVersion::VERSION1 }, + { "VERSION2", DNSCryptExchangeVersion::VERSION2 }, + }); +#endif +} diff --git a/dnsdist-lua-web.cc b/dnsdist-lua-web.cc new file mode 100644 index 0000000..4b5c20b --- /dev/null +++ b/dnsdist-lua-web.cc @@ -0,0 +1,79 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include + +#include "dnsdist.hh" +#include "dnsdist-lua.hh" +#include "dnsdist-web.hh" + +void registerWebHandler(const std::string& endpoint, std::function handler); + +void setupLuaWeb(LuaContext& luaCtx) +{ + luaCtx.writeFunction("registerWebHandler", [](const std::string& path, std::function handler) { + /* LuaWrapper does a copy for objects passed by reference, so we pass a pointer */ + registerWebHandler(path, [handler](const YaHTTP::Request& req, YaHTTP::Response& resp) { handler(&req, &resp); }); + }); + + luaCtx.registerMember("path", [](const YaHTTP::Request& req) -> std::string { return req.url.path; }, [](YaHTTP::Request& req, const std::string& path) { (void) path; }); + luaCtx.registerMember("version", [](const YaHTTP::Request& req) -> int { return req.version; }, [](YaHTTP::Request& req, int version) { (void) version; }); + luaCtx.registerMember("method", [](const YaHTTP::Request& req) -> std::string { return req.method; }, [](YaHTTP::Request& req, const std::string& method) { (void) method; }); + luaCtx.registerMember("body", [](const YaHTTP::Request& req) -> const std::string { return req.body; }, [](YaHTTP::Request& req, const std::string& body) { (void) body; }); + luaCtx.registerMember(YaHTTP::Request::*)>("getvars", [](const YaHTTP::Request& req) { + std::unordered_map values; + for (const auto& entry : req.getvars) { + values.insert({entry.first, entry.second}); + } + return values; + }, [](YaHTTP::Request& req, const std::unordered_map& values) { (void) values; }); + luaCtx.registerMember(YaHTTP::Request::*)>("postvars", [](const YaHTTP::Request& req) { + std::unordered_map values; + for (const auto& entry : req.postvars) { + values.insert({entry.first, entry.second}); + } + return values; + }, [](YaHTTP::Request& req, const std::unordered_map& values) { (void) values; }); + luaCtx.registerMember(YaHTTP::Request::*)>("headers", [](const YaHTTP::Request& req) { + std::unordered_map values; + for (const auto& entry : req.headers) { + values.insert({entry.first, entry.second}); + } + return values; + }, [](YaHTTP::Request& req, const std::unordered_map& values) { (void) values; }); + + /* Response */ + luaCtx.registerMember("body", [](const YaHTTP::Response& resp) -> const std::string { return resp.body; }, [](YaHTTP::Response& resp, const std::string& body) { resp.body = body; }); + luaCtx.registerMember("status", [](const YaHTTP::Response& resp) -> int { return resp.status; }, [](YaHTTP::Response& resp, int status) { resp.status = status; }); + luaCtx.registerMember(YaHTTP::Response::*)>("headers", [](const YaHTTP::Response& resp) { + std::unordered_map values; + for (const auto& entry : resp.headers) { + values.insert({entry.first, entry.second}); + } + return values; + }, [](YaHTTP::Response& resp, const std::unordered_map& values) { + resp.headers.clear(); + for (const auto& entry : values) { + resp.headers.insert({entry.first, entry.second}); + } + }); +} + diff --git a/dnsdist-lua.cc b/dnsdist-lua.cc new file mode 100644 index 0000000..641464c --- /dev/null +++ b/dnsdist-lua.cc @@ -0,0 +1,2860 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +// for OpenBSD, sys/socket.h needs to come before net/if.h +#include +#include + +#include +#include +#include + +#include "dnsdist.hh" +#include "dnsdist-console.hh" +#include "dnsdist-dynblocks.hh" +#include "dnsdist-ecs.hh" +#include "dnsdist-healthchecks.hh" +#include "dnsdist-lua.hh" +#ifdef LUAJIT_VERSION +#include "dnsdist-lua-ffi.hh" +#endif /* LUAJIT_VERSION */ +#include "dnsdist-nghttp2.hh" +#include "dnsdist-proxy-protocol.hh" +#include "dnsdist-rings.hh" +#include "dnsdist-secpoll.hh" +#include "dnsdist-session-cache.hh" +#include "dnsdist-tcp-downstream.hh" +#include "dnsdist-web.hh" + +#include "base64.hh" +#include "dnswriter.hh" +#include "dolog.hh" +#include "lock.hh" +#include "sodcrypto.hh" + +#ifdef HAVE_LIBSSL +#include "libssl.hh" +#endif + +#include +#include + +#ifdef HAVE_SYSTEMD +#include +#endif + +using std::thread; + +static boost::optional>> g_launchWork = boost::none; + +boost::tribool g_noLuaSideEffect; +static bool g_included{false}; + +/* this is a best effort way to prevent logging calls with no side-effects in the output of delta() + Functions can declare setLuaNoSideEffect() and if nothing else does declare a side effect, or nothing + has done so before on this invocation, this call won't be part of delta() output */ +void setLuaNoSideEffect() +{ + if (g_noLuaSideEffect == false) // there has been a side effect already + return; + g_noLuaSideEffect = true; +} + +void setLuaSideEffect() +{ + g_noLuaSideEffect = false; +} + +bool getLuaNoSideEffect() +{ + if (g_noLuaSideEffect) { + return true; + } + return false; +} + +void resetLuaSideEffect() +{ + g_noLuaSideEffect = boost::logic::indeterminate; +} + +typedef std::unordered_map>, std::vector>, std::map>> localbind_t; + +static void parseLocalBindVars(boost::optional vars, bool& reusePort, int& tcpFastOpenQueueSize, std::string& interface, std::set& cpus, int& tcpListenQueueSize, size_t& maxInFlightQueriesPerConnection, size_t& tcpMaxConcurrentConnections) +{ + if (vars) { + if (vars->count("reusePort")) { + reusePort = boost::get((*vars)["reusePort"]); + } + if (vars->count("tcpFastOpenQueueSize")) { + tcpFastOpenQueueSize = boost::get((*vars)["tcpFastOpenQueueSize"]); + } + if (vars->count("tcpListenQueueSize")) { + tcpListenQueueSize = boost::get((*vars)["tcpListenQueueSize"]); + } + if (vars->count("maxConcurrentTCPConnections")) { + tcpMaxConcurrentConnections = boost::get((*vars)["maxConcurrentTCPConnections"]); + } + if (vars->count("maxInFlight")) { + maxInFlightQueriesPerConnection = boost::get((*vars)["maxInFlight"]); + } + if (vars->count("interface")) { + interface = boost::get((*vars)["interface"]); + } + if (vars->count("cpus")) { + for (const auto& cpu : boost::get>>((*vars)["cpus"])) { + cpus.insert(cpu.second); + } + } + } +} + +#if defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS) +static bool loadTLSCertificateAndKeys(const std::string& context, std::vector>& pairs, boost::variant>> certFiles, boost::variant>> keyFiles) +{ + if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) { + auto certFile = boost::get(certFiles); + auto keyFile = boost::get(keyFiles); + pairs.clear(); + pairs.emplace_back(certFile, keyFile); + } + else if (certFiles.type() == typeid(std::vector>) && keyFiles.type() == typeid(std::vector>)) { + auto certFilesVect = boost::get>>(certFiles); + auto keyFilesVect = boost::get>>(keyFiles); + if (certFilesVect.size() == keyFilesVect.size()) { + pairs.clear(); + for (size_t idx = 0; idx < certFilesVect.size(); idx++) { + pairs.emplace_back(certFilesVect.at(idx).second, keyFilesVect.at(idx).second); + } + } + else { + errlog("Error, mismatching number of certificates and keys in call to %s()!", context); + g_outputBuffer = "Error, mismatching number of certificates and keys in call to " + context + "()!"; + return false; + } + } + else { + errlog("Error, mismatching number of certificates and keys in call to %s()!", context); + g_outputBuffer = "Error, mismatching number of certificates and keys in call to " + context + "()!"; + return false; + } + + return true; +} + +static void parseTLSConfig(TLSConfig& config, const std::string& context, boost::optional vars) +{ + if (vars->count("ciphers")) { + config.d_ciphers = boost::get((*vars)["ciphers"]); + } + + if (vars->count("ciphersTLS13")) { + config.d_ciphers13 = boost::get((*vars)["ciphersTLS13"]); + } + +#ifdef HAVE_LIBSSL + if (vars->count("minTLSVersion")) { + config.d_minTLSVersion = libssl_tls_version_from_string(boost::get((*vars)["minTLSVersion"])); + } +#endif /* HAVE_LIBSSL */ + + if (vars->count("ticketKeyFile")) { + config.d_ticketKeyFile = boost::get((*vars)["ticketKeyFile"]); + } + + if (vars->count("ticketsKeysRotationDelay")) { + config.d_ticketsKeyRotationDelay = boost::get((*vars)["ticketsKeysRotationDelay"]); + } + + if (vars->count("numberOfTicketsKeys")) { + config.d_numberOfTicketsKeys = boost::get((*vars)["numberOfTicketsKeys"]); + } + + if (vars->count("preferServerCiphers")) { + config.d_preferServerCiphers = boost::get((*vars)["preferServerCiphers"]); + } + + if (vars->count("sessionTimeout")) { + config.d_sessionTimeout = boost::get((*vars)["sessionTimeout"]); + } + + if (vars->count("sessionTickets")) { + config.d_enableTickets = boost::get((*vars)["sessionTickets"]); + } + + if (vars->count("numberOfStoredSessions")) { + auto value = boost::get((*vars)["numberOfStoredSessions"]); + if (value < 0) { + errlog("Invalid value '%d' for %s() parameter 'numberOfStoredSessions', should be >= 0, dismissing", value, context); + g_outputBuffer = "Invalid value '" + std::to_string(value) + "' for " + context + "() parameter 'numberOfStoredSessions', should be >= 0, dismissing"; + } + config.d_maxStoredSessions = value; + } + + if (vars->count("ocspResponses")) { + auto files = boost::get>>((*vars)["ocspResponses"]); + for (const auto& file : files) { + config.d_ocspFiles.push_back(file.second); + } + } + + if (vars->count("keyLogFile")) { +#ifdef HAVE_SSL_CTX_SET_KEYLOG_CALLBACK + config.d_keyLogFile = boost::get((*vars)["keyLogFile"]); +#else + errlog("TLS Key logging has been enabled using the 'keyLogFile' parameter to %s(), but this version of OpenSSL does not support it", context); + g_outputBuffer = "TLS Key logging has been enabled using the 'keyLogFile' parameter to " + context + "(), but this version of OpenSSL does not support it"; +#endif + } + + if (vars->count("releaseBuffers")) { + config.d_releaseBuffers = boost::get((*vars)["releaseBuffers"]); + } + + if (vars->count("enableRenegotiation")) { + config.d_enableRenegotiation = boost::get((*vars)["enableRenegotiation"]); + } +} + +#endif // defined(HAVE_DNS_OVER_TLS) || defined(HAVE_DNS_OVER_HTTPS) + +static void checkParameterBound(const std::string& parameter, uint64_t value, size_t max = std::numeric_limits::max()) +{ + if (value > max) { + throw std::runtime_error("The value (" + std::to_string(value) + ") passed to " + parameter + " is too large, the maximum is " + std::to_string(max)); + } +} + +static void setupLuaConfig(LuaContext& luaCtx, bool client, bool configCheck) +{ + typedef std::unordered_map>, DownstreamState::checkfunc_t>> newserver_t; + luaCtx.writeFunction("inClientStartup", [client]() { + return client && !g_configurationDone; + }); + + luaCtx.writeFunction("inConfigCheck", [configCheck]() { + return configCheck; + }); + + luaCtx.writeFunction("newServer", + [client, configCheck](boost::variant pvars, boost::optional qps) { + setLuaSideEffect(); + + newserver_t vars; + + ComboAddress serverAddr; + std::string serverAddressStr; + if (auto addrStr = boost::get(&pvars)) { + serverAddressStr = *addrStr; + if (qps) { + vars["qps"] = std::to_string(*qps); + } + } + else { + vars = boost::get(pvars); + serverAddressStr = boost::get(vars["address"]); + } + + try { + serverAddr = ComboAddress(serverAddressStr, 53); + } + catch (const PDNSException& e) { + g_outputBuffer = "Error creating new server: " + string(e.reason); + errlog("Error creating new server with address %s: %s", serverAddressStr, e.reason); + return std::shared_ptr(); + } + catch (const std::exception& e) { + g_outputBuffer = "Error creating new server: " + string(e.what()); + errlog("Error creating new server with address %s: %s", serverAddressStr, e.what()); + return std::shared_ptr(); + } + + if (IsAnyAddress(serverAddr)) { + g_outputBuffer = "Error creating new server: invalid address for a downstream server."; + errlog("Error creating new server: %s is not a valid address for a downstream server", serverAddressStr); + return std::shared_ptr(); + } + + ComboAddress sourceAddr; + std::string sourceItfName; + unsigned int sourceItf = 0; + size_t numberOfSockets = 1; + std::set cpus; + + if (vars.count("source")) { + /* handle source in the following forms: + - v4 address ("192.0.2.1") + - v6 address ("2001:DB8::1") + - interface name ("eth0") + - v4 address and interface name ("192.0.2.1@eth0") + - v6 address and interface name ("2001:DB8::1@eth0") + */ + const string source = boost::get(vars["source"]); + bool parsed = false; + std::string::size_type pos = source.find("@"); + if (pos == std::string::npos) { + /* no '@', try to parse that as a valid v4/v6 address */ + try { + sourceAddr = ComboAddress(source); + parsed = true; + } + catch (...) { + } + } + + if (parsed == false) { + /* try to parse as interface name, or v4/v6@itf */ + sourceItfName = source.substr(pos == std::string::npos ? 0 : pos + 1); + unsigned int itfIdx = if_nametoindex(sourceItfName.c_str()); + + if (itfIdx != 0) { + if (pos == 0 || pos == std::string::npos) { + /* "eth0" or "@eth0" */ + sourceItf = itfIdx; + } + else { + /* "192.0.2.1@eth0" */ + sourceAddr = ComboAddress(source.substr(0, pos)); + sourceItf = itfIdx; + } +#ifdef SO_BINDTODEVICE + /* we need to retain CAP_NET_RAW to be able to set SO_BINDTODEVICE in the health checks */ + g_capabilitiesToRetain.insert("CAP_NET_RAW"); +#endif + } + else { + warnlog("Dismissing source %s because '%s' is not a valid interface name", source, sourceItfName); + } + } + } + + if (vars.count("sockets")) { + numberOfSockets = std::stoul(boost::get(vars["sockets"])); + if (numberOfSockets == 0) { + warnlog("Dismissing invalid number of sockets '%s', using 1 instead", boost::get(vars["sockets"])); + numberOfSockets = 1; + } + } + + // create but don't connect the socket in client or check-config modes + auto ret = std::make_shared(serverAddr, sourceAddr, sourceItf, sourceItfName); + if (!(client || configCheck)) { + infolog("Added downstream server %s", serverAddr.toStringWithPort()); + } + + if (vars.count("qps")) { + int qpsVal = std::stoi(boost::get(vars["qps"])); + ret->qps = QPSLimiter(qpsVal, qpsVal); + } + + if (vars.count("order")) { + ret->order = std::stoi(boost::get(vars["order"])); + } + + if (vars.count("weight")) { + try { + int weightVal = std::stoi(boost::get(vars["weight"])); + + if (weightVal < 1) { + errlog("Error creating new server: downstream weight value must be greater than 0."); + return ret; + } + + ret->setWeight(weightVal); + } + catch (const std::exception& e) { + // std::stoi will throw an exception if the string isn't in a value int range + errlog("Error creating new server: downstream weight value must be between %s and %s", 1, std::numeric_limits::max()); + return ret; + } + } + + if (vars.count("retries")) { + ret->d_retries = std::stoi(boost::get(vars["retries"])); + } + + if (vars.count("checkInterval")) { + ret->checkInterval = static_cast(std::stoul(boost::get(vars["checkInterval"]))); + } + + if (vars.count("tcpConnectTimeout")) { + ret->tcpConnectTimeout = std::stoi(boost::get(vars["tcpConnectTimeout"])); + } + + if (vars.count("tcpSendTimeout")) { + ret->tcpSendTimeout = std::stoi(boost::get(vars["tcpSendTimeout"])); + } + + if (vars.count("tcpRecvTimeout")) { + ret->tcpRecvTimeout = std::stoi(boost::get(vars["tcpRecvTimeout"])); + } + + if (vars.count("tcpFastOpen")) { + bool fastOpen = boost::get(vars["tcpFastOpen"]); + if (fastOpen) { +#ifdef MSG_FASTOPEN + ret->tcpFastOpen = true; +#else + warnlog("TCP Fast Open has been configured on downstream server %s but is not supported", boost::get(vars["address"])); +#endif + } + } + + if (vars.count("maxInFlight")) { + ret->d_maxInFlightQueriesPerConn = std::stoi(boost::get(vars["maxInFlight"])); + } + + if (vars.count("name")) { + ret->setName(boost::get(vars["name"])); + } + + if (vars.count("id")) { + ret->setId(boost::lexical_cast(boost::get(vars["id"]))); + } + + if (vars.count("checkName")) { + ret->checkName = DNSName(boost::get(vars["checkName"])); + } + + if (vars.count("checkType")) { + ret->checkType = boost::get(vars["checkType"]); + } + + if (vars.count("checkClass")) { + ret->checkClass = std::stoi(boost::get(vars["checkClass"])); + } + + if (vars.count("checkFunction")) { + ret->checkFunction = boost::get(vars["checkFunction"]); + } + + if (vars.count("checkTimeout")) { + ret->checkTimeout = std::stoi(boost::get(vars["checkTimeout"])); + } + + if (vars.count("checkTCP")) { + ret->d_tcpCheck = boost::get(vars.at("checkTCP")); + } + + if (vars.count("setCD")) { + ret->setCD = boost::get(vars["setCD"]); + } + + if (vars.count("mustResolve")) { + ret->mustResolve = boost::get(vars["mustResolve"]); + } + + if (vars.count("useClientSubnet")) { + ret->useECS = boost::get(vars["useClientSubnet"]); + } + + if (vars.count("useProxyProtocol")) { + ret->useProxyProtocol = boost::get(vars["useProxyProtocol"]); + } + + if (vars.count("disableZeroScope")) { + ret->disableZeroScope = boost::get(vars["disableZeroScope"]); + } + + if (vars.count("ipBindAddrNoPort")) { + ret->ipBindAddrNoPort = boost::get(vars["ipBindAddrNoPort"]); + } + + if (vars.count("addXPF")) { + ret->xpfRRCode = std::stoi(boost::get(vars["addXPF"])); + } + + if (vars.count("maxCheckFailures")) { + ret->maxCheckFailures = std::stoi(boost::get(vars["maxCheckFailures"])); + } + + if (vars.count("rise")) { + ret->minRiseSuccesses = std::stoi(boost::get(vars["rise"])); + } + + if (vars.count("reconnectOnUp")) { + ret->reconnectOnUp = boost::get(vars["reconnectOnUp"]); + } + + if (vars.count("cpus")) { + for (const auto& cpu : boost::get>>(vars["cpus"])) { + cpus.insert(std::stoi(cpu.second)); + } + } + + if (vars.count("tcpOnly")) { + ret->d_tcpOnly = boost::get(vars.at("tcpOnly")); + } + + if (vars.count("tls")) { + TLSContextParameters tlsParams; + std::string ciphers; + std::string ciphers13; + + tlsParams.d_provider = boost::get(vars.at("tls")); + + if (vars.count("ciphers")) { + tlsParams.d_ciphers = boost::get(vars.at("ciphers")); + } + if (vars.count("ciphers13")) { + tlsParams.d_ciphers13 = boost::get(vars.at("ciphers13")); + } + if (vars.count("caStore")) { + tlsParams.d_caStore = boost::get(vars.at("caStore")); + } + if (vars.count("validateCertificates")) { + tlsParams.d_validateCertificates = boost::get(vars.at("validateCertificates")); + } + if (vars.count("releaseBuffers")) { + tlsParams.d_releaseBuffers = boost::get(vars.at("releaseBuffers")); + } + if (vars.count("enableRenegotiation")) { + tlsParams.d_enableRenegotiation = boost::get(vars.at("enableRenegotiation")); + } + if (vars.count("subjectName")) { + ret->d_tlsSubjectName = boost::get(vars.at("subjectName")); + } + + ret->d_tlsCtx = getTLSContext(tlsParams); + + if (vars.count("dohPath")) { +#ifdef HAVE_NGHTTP2 + ret->d_dohPath = boost::get(vars.at("dohPath")); + if (ret->d_tlsCtx) { + setupDoHClientProtocolNegotiation(ret->d_tlsCtx); + } + + if (g_configurationDone && g_outgoingDoHWorkerThreads && *g_outgoingDoHWorkerThreads == 0) { + throw std::runtime_error("Error: setOutgoingDoHWorkerThreads() is set to 0 so no outgoing DoH worker thread is available to serve queries"); + } + + if (!g_outgoingDoHWorkerThreads || *g_outgoingDoHWorkerThreads == 0) { + g_outgoingDoHWorkerThreads = 1; + } + + if (vars.count("addXForwardedHeaders")) { + ret->d_addXForwardedHeaders = boost::get(vars.at("addXForwardedHeaders")); + } +#else /* HAVE_NGHTTP2 */ + throw std::runtime_error("Outgoing DNS over HTTPS support requested (via 'dohPath' on newServer()) but nghttp2 support is not available"); +#endif /* HAVE_NGHTTP2 */ + } + else { + setupDoTProtocolNegotiation(ret->d_tlsCtx); + } + } + + if (!ret->isTCPOnly() && !(client || configCheck)) { + if (!IsAnyAddress(ret->remote)) { + ret->connectUDPSockets(numberOfSockets); + } + } + + /* this needs to be done _AFTER_ the order has been set, + since the server are kept ordered inside the pool */ + auto localPools = g_pools.getCopy(); + if (vars.count("pool")) { + if (auto* pool = boost::get(&vars["pool"])) { + ret->pools.insert(*pool); + } + else { + auto pools = boost::get>>(vars["pool"]); + for (auto& p : pools) { + ret->pools.insert(p.second); + } + } + for (const auto& poolName : ret->pools) { + addServerToPool(localPools, poolName, ret); + } + } + else { + addServerToPool(localPools, "", ret); + } + g_pools.setState(localPools); + + if (ret->connected) { + ret->threadStarted.test_and_set(); + + if (g_launchWork) { + g_launchWork->push_back([ret, cpus]() { + ret->tid = thread(responderThread, ret); + if (!cpus.empty()) { + mapThreadToCPUList(ret->tid.native_handle(), cpus); + } + }); + } + else { + ret->tid = thread(responderThread, ret); + if (!cpus.empty()) { + mapThreadToCPUList(ret->tid.native_handle(), cpus); + } + } + } + + auto states = g_dstates.getCopy(); + states.push_back(ret); + std::stable_sort(states.begin(), states.end(), [](const decltype(ret)& a, const decltype(ret)& b) { + return a->order < b->order; + }); + g_dstates.setState(states); + return ret; + }); + + luaCtx.writeFunction("rmServer", + [](boost::variant, int, std::string> var) { + setLuaSideEffect(); + shared_ptr server = nullptr; + auto states = g_dstates.getCopy(); + if (auto* rem = boost::get>(&var)) { + server = *rem; + } + else if (auto str = boost::get(&var)) { + const auto uuid = getUniqueID(*str); + for (auto& state : states) { + if (state->id == uuid) { + server = state; + } + } + } + else { + int idx = boost::get(var); + server = states.at(idx); + } + if (!server) { + throw std::runtime_error("unable to locate the requested server"); + } + auto localPools = g_pools.getCopy(); + for (const string& poolName : server->pools) { + removeServerFromPool(localPools, poolName, server); + } + /* the server might also be in the default pool */ + removeServerFromPool(localPools, "", server); + g_pools.setState(localPools); + states.erase(remove(states.begin(), states.end(), server), states.end()); + g_dstates.setState(states); + server->stop(); + }); + + luaCtx.writeFunction("truncateTC", [](bool tc) { setLuaSideEffect(); g_truncateTC=tc; }); + luaCtx.writeFunction("fixupCase", [](bool fu) { setLuaSideEffect(); g_fixupCase=fu; }); + + luaCtx.writeFunction("addACL", [](const std::string& domain) { + setLuaSideEffect(); + g_ACL.modify([domain](NetmaskGroup& nmg) { nmg.addMask(domain); }); + }); + + luaCtx.writeFunction("rmACL", [](const std::string& netmask) { + setLuaSideEffect(); + g_ACL.modify([netmask](NetmaskGroup& nmg) { nmg.deleteMask(netmask); }); + }); + + luaCtx.writeFunction("setLocal", [client](const std::string& addr, boost::optional vars) { + setLuaSideEffect(); + if (client) + return; + if (g_configurationDone) { + g_outputBuffer = "setLocal cannot be used at runtime!\n"; + return; + } + bool reusePort = false; + int tcpFastOpenQueueSize = 0; + int tcpListenQueueSize = 0; + size_t maxInFlightQueriesPerConn = 0; + size_t tcpMaxConcurrentConnections = 0; + std::string interface; + std::set cpus; + + parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections); + + try { + ComboAddress loc(addr, 53); + for (auto it = g_frontends.begin(); it != g_frontends.end();) { + /* DoH, DoT and DNSCrypt frontends are separate */ + if ((*it)->tlsFrontend == nullptr && (*it)->dnscryptCtx == nullptr && (*it)->dohFrontend == nullptr) { + it = g_frontends.erase(it); + } + else { + ++it; + } + } + + // only works pre-startup, so no sync necessary + g_frontends.push_back(std::make_unique(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus)); + auto tcpCS = std::make_unique(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus); + if (tcpListenQueueSize > 0) { + tcpCS->tcpListenQueueSize = tcpListenQueueSize; + } + if (maxInFlightQueriesPerConn > 0) { + tcpCS->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn; + } + if (tcpMaxConcurrentConnections > 0) { + tcpCS->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections; + } + + g_frontends.push_back(std::move(tcpCS)); + } + catch (const std::exception& e) { + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } + }); + + luaCtx.writeFunction("addLocal", [client](const std::string& addr, boost::optional vars) { + setLuaSideEffect(); + if (client) + return; + if (g_configurationDone) { + g_outputBuffer = "addLocal cannot be used at runtime!\n"; + return; + } + bool reusePort = false; + int tcpFastOpenQueueSize = 0; + int tcpListenQueueSize = 0; + size_t maxInFlightQueriesPerConn = 0; + size_t tcpMaxConcurrentConnections = 0; + std::string interface; + std::set cpus; + + parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections); + + try { + ComboAddress loc(addr, 53); + // only works pre-startup, so no sync necessary + g_frontends.push_back(std::make_unique(loc, false, reusePort, tcpFastOpenQueueSize, interface, cpus)); + auto tcpCS = std::make_unique(loc, true, reusePort, tcpFastOpenQueueSize, interface, cpus); + if (tcpListenQueueSize > 0) { + tcpCS->tcpListenQueueSize = tcpListenQueueSize; + } + if (maxInFlightQueriesPerConn > 0) { + tcpCS->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn; + } + if (tcpMaxConcurrentConnections > 0) { + tcpCS->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections; + } + g_frontends.push_back(std::move(tcpCS)); + } + catch (std::exception& e) { + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + errlog("Error while trying to listen on %s: %s\n", addr, string(e.what())); + } + }); + + luaCtx.writeFunction("setACL", [](boost::variant>> inp) { + setLuaSideEffect(); + NetmaskGroup nmg; + if (auto str = boost::get(&inp)) { + nmg.addMask(*str); + } + else + for (const auto& p : boost::get>>(inp)) { + nmg.addMask(p.second); + } + g_ACL.setState(nmg); + }); + + luaCtx.writeFunction("setACLFromFile", [](const std::string& file) { + setLuaSideEffect(); + NetmaskGroup nmg; + + ifstream ifs(file); + if (!ifs) { + throw std::runtime_error("Could not open '" + file + "': " + stringerror()); + } + + string::size_type pos; + string line; + while (getline(ifs, line)) { + pos = line.find('#'); + if (pos != string::npos) + line.resize(pos); + boost::trim(line); + if (line.empty()) + continue; + + nmg.addMask(line); + } + + g_ACL.setState(nmg); + }); + + luaCtx.writeFunction("showACL", []() { + setLuaNoSideEffect(); + vector vec; + + g_ACL.getLocal()->toStringVector(&vec); + + for (const auto& s : vec) + g_outputBuffer += s + "\n"; + }); + + luaCtx.writeFunction("shutdown", []() { +#ifdef HAVE_SYSTEMD + sd_notify(0, "STOPPING=1"); +#endif /* HAVE_SYSTEMD */ +#if 0 + // Useful for debugging leaks, but might lead to race under load + // since other threads are still running. + for(auto& frontend : g_tlslocals) { + frontend->cleanup(); + } + g_tlslocals.clear(); + g_rings.clear(); +#endif /* 0 */ + _exit(0); + }); + + typedef std::unordered_map> showserversopts_t; + + luaCtx.writeFunction("showServers", [](boost::optional vars) { + setLuaNoSideEffect(); + bool showUUIDs = false; + if (vars) { + if (vars->count("showUUIDs")) { + showUUIDs = boost::get((*vars)["showUUIDs"]); + } + } + try { + ostringstream ret; + boost::format fmt; + if (showUUIDs) { + fmt = boost::format("%1$-3d %15$-36s %2$-20.20s %|62t|%3% %|92t|%4$5s %|88t|%5$7.1f %|103t|%6$7d %|106t|%7$3d %|115t|%8$2d %|117t|%9$10d %|123t|%10$7d %|128t|%11$5.1f %|146t|%12$5.1f %|152t|%13$11d %14%"); + // 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 + ret << (fmt % "#" % "Name" % "Address" % "State" % "Qps" % "Qlim" % "Ord" % "Wt" % "Queries" % "Drops" % "Drate" % "Lat" % "Outstanding" % "Pools" % "UUID") << endl; + } + else { + fmt = boost::format("%1$-3d %2$-20.20s %|25t|%3% %|55t|%4$5s %|51t|%5$7.1f %|66t|%6$7d %|69t|%7$3d %|78t|%8$2d %|80t|%9$10d %|86t|%10$7d %|91t|%11$5.1f %|109t|%12$5.1f %|115t|%13$11d %14%"); + ret << (fmt % "#" % "Name" % "Address" % "State" % "Qps" % "Qlim" % "Ord" % "Wt" % "Queries" % "Drops" % "Drate" % "Lat" % "Outstanding" % "Pools") << endl; + } + + uint64_t totQPS{0}, totQueries{0}, totDrops{0}; + int counter = 0; + auto states = g_dstates.getLocal(); + for (const auto& s : *states) { + string status = s->getStatus(); + string pools; + for (auto& p : s->pools) { + if (!pools.empty()) + pools += " "; + pools += p; + } + if (showUUIDs) { + ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % status % s->queryLoad % s->qps.getRate() % s->order % s->weight % s->queries.load() % s->reuseds.load() % (s->dropRate) % (s->latencyUsec / 1000.0) % s->outstanding.load() % pools % s->id) << endl; + } + else { + ret << (fmt % counter % s->getName() % s->remote.toStringWithPort() % status % s->queryLoad % s->qps.getRate() % s->order % s->weight % s->queries.load() % s->reuseds.load() % (s->dropRate) % (s->latencyUsec / 1000.0) % s->outstanding.load() % pools) << endl; + } + totQPS += s->queryLoad; + totQueries += s->queries.load(); + totDrops += s->reuseds.load(); + ++counter; + } + if (showUUIDs) { + ret << (fmt % "All" % "" % "" % "" + % (double)totQPS % "" % "" % "" % totQueries % totDrops % "" % "" % "" % "" % "") + << endl; + } + else { + ret << (fmt % "All" % "" % "" % "" + % (double)totQPS % "" % "" % "" % totQueries % totDrops % "" % "" % "" % "") + << endl; + } + + g_outputBuffer = ret.str(); + } + catch (std::exception& e) { + g_outputBuffer = e.what(); + throw; + } + }); + + luaCtx.writeFunction("getServers", []() { + setLuaNoSideEffect(); + vector>> ret; + int count = 1; + for (const auto& s : g_dstates.getCopy()) { + ret.push_back(make_pair(count++, s)); + } + return ret; + }); + + luaCtx.writeFunction("getPoolServers", [](string pool) { + const auto poolServers = getDownstreamCandidates(g_pools.getCopy(), pool); + return *poolServers; + }); + + luaCtx.writeFunction("getServer", [client](boost::variant i) { + if (client) { + return std::make_shared(ComboAddress()); + } + auto states = g_dstates.getCopy(); + if (auto str = boost::get(&i)) { + const auto uuid = getUniqueID(*str); + for (auto& state : states) { + if (state->id == uuid) { + return state; + } + } + } + else if (auto pos = boost::get(&i)) { + return states.at(*pos); + } + + g_outputBuffer = "Error: no rule matched\n"; + return std::shared_ptr(nullptr); + }); + + luaCtx.writeFunction("carbonServer", [](const std::string& address, boost::optional ourName, boost::optional interval, boost::optional namespace_name, boost::optional instance_name) { + setLuaSideEffect(); + auto ours = g_carbon.getCopy(); + ours.push_back({ComboAddress(address, 2003), + (namespace_name && !namespace_name->empty()) ? *namespace_name : "dnsdist", + ourName ? *ourName : "", + (instance_name && !instance_name->empty()) ? *instance_name : "main", + interval ? *interval : 30}); + g_carbon.setState(ours); + }); + + luaCtx.writeFunction("webserver", [client, configCheck](const std::string& address, boost::optional password, boost::optional apiKey, const boost::optional> customHeaders, const boost::optional acl) { + setLuaSideEffect(); + ComboAddress local; + try { + local = ComboAddress(address); + } + catch (const PDNSException& e) { + throw std::runtime_error(std::string("Error parsing the bind address for the webserver: ") + e.reason); + } + + if (client || configCheck) { + return; + } + + if (password || apiKey || customHeaders || acl) { + warnlog("Passing additional parameters to 'webserver()' is deprecated, please use 'setWebserverConfig()' instead."); + } + + try { + int sock = SSocket(local.sin4.sin_family, SOCK_STREAM, 0); + SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1); + SBind(sock, local); + SListen(sock, 5); + auto launch = [sock, local, password, apiKey, customHeaders, acl]() { + if (password) { + auto holder = make_unique(std::string(*password), false); + if (!holder->wasHashed() && holder->isHashingAvailable()) { + infolog("Passing a plain-text password to 'webserver()' is deprecated, please use 'setWebserverConfig()' instead and consider generating a hashed password using 'hashPassword()'."); + } + + setWebserverPassword(std::move(holder)); + } + + if (apiKey) { + auto holder = make_unique(std::string(*apiKey), false); + setWebserverAPIKey(std::move(holder)); + } + + if (customHeaders) { + setWebserverCustomHeaders(customHeaders); + } + + if (acl) { + setWebserverACL(*acl); + } + thread t(dnsdistWebserverThread, sock, local); + t.detach(); + }; + if (g_launchWork) { + g_launchWork->push_back(launch); + } + else { + launch(); + } + } + catch (const std::exception& e) { + g_outputBuffer = "Unable to bind to webserver socket on " + local.toStringWithPort() + ": " + e.what(); + errlog("Unable to bind to webserver socket on %s: %s", local.toStringWithPort(), e.what()); + } + }); + + typedef std::unordered_map>> webserveropts_t; + + luaCtx.writeFunction("setWebserverConfig", [](boost::optional vars) { + setLuaSideEffect(); + + if (!vars) { + return; + } + + bool hashPlaintextCredentials = false; + if (vars->count("hashPlaintextCredentials")) { + hashPlaintextCredentials = boost::get(vars->at("hashPlaintextCredentials")); + } + + if (vars->count("password")) { + std::string password = boost::get(vars->at("password")); + auto holder = make_unique(std::move(password), hashPlaintextCredentials); + if (!holder->wasHashed() && holder->isHashingAvailable()) { + infolog("Passing a plain-text password via the 'password' parameter to 'setWebserverConfig()' is not advised, please consider generating a hashed one using 'hashPassword()' instead."); + } + + setWebserverPassword(std::move(holder)); + } + + if (vars->count("apiKey")) { + std::string apiKey = boost::get(vars->at("apiKey")); + auto holder = make_unique(std::move(apiKey), hashPlaintextCredentials); + if (!holder->wasHashed() && holder->isHashingAvailable()) { + infolog("Passing a plain-text API key via the 'apiKey' parameter to 'setWebserverConfig()' is not advised, please consider generating a hashed one using 'hashPassword()' instead."); + } + + setWebserverAPIKey(std::move(holder)); + } + + if (vars->count("acl")) { + const std::string acl = boost::get(vars->at("acl")); + + setWebserverACL(acl); + } + + if (vars->count("customHeaders")) { + const boost::optional> headers = boost::get>(vars->at("customHeaders")); + + setWebserverCustomHeaders(headers); + } + + if (vars->count("statsRequireAuthentication")) { + setWebserverStatsRequireAuthentication(boost::get(vars->at("statsRequireAuthentication"))); + } + + if (vars->count("maxConcurrentConnections")) { + setWebserverMaxConcurrentConnections(std::stoi(boost::get(vars->at("maxConcurrentConnections")))); + } + }); + + luaCtx.writeFunction("showWebserverConfig", []() { + setLuaNoSideEffect(); + return getWebserverConfig(); + }); + + luaCtx.writeFunction("hashPassword", [](const std::string& password, boost::optional workFactor) { + if (workFactor) { + return hashPassword(password, *workFactor, CredentialsHolder::s_defaultParallelFactor, CredentialsHolder::s_defaultBlockSize); + } + return hashPassword(password); + }); + + luaCtx.writeFunction("controlSocket", [client, configCheck](const std::string& str) { + setLuaSideEffect(); + ComboAddress local(str, 5199); + + if (client || configCheck) { + g_serverControl = local; + return; + } + + g_consoleEnabled = true; +#ifdef HAVE_LIBSODIUM + if (g_configurationDone && g_consoleKey.empty()) { + warnlog("Warning, the console has been enabled via 'controlSocket()' but no key has been set with 'setKey()' so all connections will fail until a key has been set"); + } +#endif + + try { + int sock = SSocket(local.sin4.sin_family, SOCK_STREAM, 0); + SSetsockopt(sock, SOL_SOCKET, SO_REUSEADDR, 1); + SBind(sock, local); + SListen(sock, 5); + auto launch = [sock, local]() { + thread t(controlThread, sock, local); + t.detach(); + }; + if (g_launchWork) { + g_launchWork->push_back(launch); + } + else { + launch(); + } + } + catch (std::exception& e) { + g_outputBuffer = "Unable to bind to control socket on " + local.toStringWithPort() + ": " + e.what(); + errlog("Unable to bind to control socket on %s: %s", local.toStringWithPort(), e.what()); + } + }); + + luaCtx.writeFunction("addConsoleACL", [](const std::string& netmask) { + setLuaSideEffect(); +#ifndef HAVE_LIBSODIUM + warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); +#endif + + g_consoleACL.modify([netmask](NetmaskGroup& nmg) { nmg.addMask(netmask); }); + }); + + luaCtx.writeFunction("setConsoleACL", [](boost::variant>> inp) { + setLuaSideEffect(); + +#ifndef HAVE_LIBSODIUM + warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); +#endif + + NetmaskGroup nmg; + if (auto str = boost::get(&inp)) { + nmg.addMask(*str); + } + else + for (const auto& p : boost::get>>(inp)) { + nmg.addMask(p.second); + } + g_consoleACL.setState(nmg); + }); + + luaCtx.writeFunction("showConsoleACL", []() { + setLuaNoSideEffect(); + +#ifndef HAVE_LIBSODIUM + warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications"); +#endif + + vector vec; + g_consoleACL.getLocal()->toStringVector(&vec); + + for (const auto& s : vec) { + g_outputBuffer += s + "\n"; + } + }); + + luaCtx.writeFunction("setConsoleMaximumConcurrentConnections", [](size_t max) { + setLuaSideEffect(); + setConsoleMaximumConcurrentConnections(max); + }); + + luaCtx.writeFunction("clearQueryCounters", []() { + unsigned int size{0}; + { + auto records = g_qcount.records.write_lock(); + size = records->size(); + records->clear(); + } + + boost::format fmt("%d records cleared from query counter buffer\n"); + g_outputBuffer = (fmt % size).str(); + }); + + luaCtx.writeFunction("getQueryCounters", [](boost::optional optMax) { + setLuaNoSideEffect(); + auto records = g_qcount.records.read_lock(); + g_outputBuffer = "query counting is currently: "; + g_outputBuffer += g_qcount.enabled ? "enabled" : "disabled"; + g_outputBuffer += (boost::format(" (%d records in buffer)\n") % records->size()).str(); + + boost::format fmt("%-3d %s: %d request(s)\n"); + unsigned int max = optMax ? *optMax : 10; + unsigned int index{1}; + for (auto it = records->begin(); it != records->end() && index <= max; ++it, ++index) { + g_outputBuffer += (fmt % index % it->first % it->second).str(); + } + }); + + luaCtx.writeFunction("setQueryCount", [](bool enabled) { g_qcount.enabled = enabled; }); + + luaCtx.writeFunction("setQueryCountFilter", [](QueryCountFilter func) { + g_qcount.filter = func; + }); + + luaCtx.writeFunction("makeKey", []() { + setLuaNoSideEffect(); + g_outputBuffer = "setKey(" + newKey() + ")\n"; + }); + + luaCtx.writeFunction("setKey", [](const std::string& key) { + if (!g_configurationDone && !g_consoleKey.empty()) { // this makes sure the commandline -k key prevails over dnsdist.conf + return; // but later setKeys() trump the -k value again + } +#ifndef HAVE_LIBSODIUM + warnlog("Calling setKey() while libsodium support has not been enabled is not secure, and will result in cleartext communications"); +#endif + + setLuaSideEffect(); + string newkey; + if (B64Decode(key, newkey) < 0) { + g_outputBuffer = string("Unable to decode ") + key + " as Base64"; + errlog("%s", g_outputBuffer); + } + else + g_consoleKey = newkey; + }); + + luaCtx.writeFunction("clearConsoleHistory", []() { + clearConsoleHistory(); + }); + + luaCtx.writeFunction("testCrypto", [](boost::optional optTestMsg) { + setLuaNoSideEffect(); +#ifdef HAVE_LIBSODIUM + try { + string testmsg; + + if (optTestMsg) { + testmsg = *optTestMsg; + } + else { + testmsg = "testStringForCryptoTests"; + } + + SodiumNonce sn, sn2; + sn.init(); + sn2 = sn; + string encrypted = sodEncryptSym(testmsg, g_consoleKey, sn); + string decrypted = sodDecryptSym(encrypted, g_consoleKey, sn2); + + sn.increment(); + sn2.increment(); + + encrypted = sodEncryptSym(testmsg, g_consoleKey, sn); + decrypted = sodDecryptSym(encrypted, g_consoleKey, sn2); + + if (testmsg == decrypted) + g_outputBuffer = "Everything is ok!\n"; + else + g_outputBuffer = "Crypto failed.. (the decoded value does not match the cleartext one)\n"; + } + catch (const std::exception& e) { + g_outputBuffer = "Crypto failed: " + std::string(e.what()) + "\n"; + } + catch (...) { + g_outputBuffer = "Crypto failed..\n"; + } +#else + g_outputBuffer = "Crypto not available.\n"; +#endif + }); + + luaCtx.writeFunction("setTCPRecvTimeout", [](int timeout) { g_tcpRecvTimeout = timeout; }); + + luaCtx.writeFunction("setTCPSendTimeout", [](int timeout) { g_tcpSendTimeout = timeout; }); + + luaCtx.writeFunction("setUDPTimeout", [](int timeout) { g_udpTimeout = timeout; }); + + luaCtx.writeFunction("setMaxUDPOutstanding", [](uint64_t max) { + if (!g_configurationDone) { + checkParameterBound("setMaxUDPOutstanding", max); + g_maxOutstanding = max; + } + else { + g_outputBuffer = "Max UDP outstanding cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxTCPClientThreads", [](uint64_t max) { + if (!g_configurationDone) { + g_maxTCPClientThreads = max; + } + else { + g_outputBuffer = "Maximum TCP client threads count cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxTCPQueuedConnections", [](uint64_t max) { + if (!g_configurationDone) { + g_maxTCPQueuedConnections = max; + } + else { + g_outputBuffer = "The maximum number of queued TCP connections cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxTCPQueriesPerConnection", [](size_t max) { + if (!g_configurationDone) { + g_maxTCPQueriesPerConn = max; + } + else { + g_outputBuffer = "The maximum number of queries per TCP connection cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxTCPConnectionsPerClient", [](size_t max) { + if (!g_configurationDone) { + g_maxTCPConnectionsPerClient = max; + } + else { + g_outputBuffer = "The maximum number of TCP connection per client cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxTCPConnectionDuration", [](size_t max) { + if (!g_configurationDone) { + g_maxTCPConnectionDuration = max; + } + else { + g_outputBuffer = "The maximum duration of a TCP connection cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setMaxCachedTCPConnectionsPerDownstream", [](size_t max) { + DownstreamTCPConnectionsManager::setMaxIdleConnectionsPerDownstream(max); + }); + + luaCtx.writeFunction("setMaxIdleDoHConnectionsPerDownstream", [](size_t max) { + setDoHDownstreamMaxIdleConnectionsPerBackend(max); + }); + + luaCtx.writeFunction("setOutgoingDoHWorkerThreads", [](uint64_t workers) { + if (!g_configurationDone) { + g_outgoingDoHWorkerThreads = workers; + } + else { + g_outputBuffer = "The amount of outgoing DoH worker threads cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setOutgoingTLSSessionsCacheMaxTicketsPerBackend", [](uint64_t max) { + if (g_configurationDone) { + g_outputBuffer = "setOutgoingTLSSessionsCacheMaxTicketsPerBackend() cannot be called at runtime!\n"; + return; + } + TLSSessionCache::setMaxTicketsPerBackend(max); + }); + + luaCtx.writeFunction("setOutgoingTLSSessionsCacheCleanupDelay", [](time_t delay) { + if (g_configurationDone) { + g_outputBuffer = "setOutgoingTLSSessionsCacheCleanupDelay() cannot be called at runtime!\n"; + return; + } + TLSSessionCache::setCleanupDelay(delay); + }); + + luaCtx.writeFunction("setOutgoingTLSSessionsCacheMaxTicketValidity", [](time_t validity) { + if (g_configurationDone) { + g_outputBuffer = "setOutgoingTLSSessionsCacheMaxTicketValidity() cannot be called at runtime!\n"; + return; + } + TLSSessionCache::setSessionValidity(validity); + }); + + luaCtx.writeFunction("getOutgoingTLSSessionCacheSize", []() { + setLuaNoSideEffect(); + return g_sessionCache.getSize(); + }); + + luaCtx.writeFunction("setCacheCleaningDelay", [](uint64_t delay) { + checkParameterBound("setCacheCleaningDelay", delay, std::numeric_limits::max()); + g_cacheCleaningDelay = delay; + }); + + luaCtx.writeFunction("setCacheCleaningPercentage", [](uint16_t percentage) { if (percentage < 100) g_cacheCleaningPercentage = percentage; else g_cacheCleaningPercentage = 100; }); + + luaCtx.writeFunction("setECSSourcePrefixV4", [](uint16_t prefix) { g_ECSSourcePrefixV4 = prefix; }); + + luaCtx.writeFunction("setECSSourcePrefixV6", [](uint16_t prefix) { g_ECSSourcePrefixV6 = prefix; }); + + luaCtx.writeFunction("setECSOverride", [](bool override) { g_ECSOverride = override; }); + + luaCtx.writeFunction("showDynBlocks", []() { + setLuaNoSideEffect(); + auto slow = g_dynblockNMG.getCopy(); + struct timespec now; + gettime(&now); + boost::format fmt("%-24s %8d %8d %-10s %-20s %s\n"); + g_outputBuffer = (fmt % "What" % "Seconds" % "Blocks" % "Warning" % "Action" % "Reason").str(); + for (const auto& e : slow) { + if (now < e.second.until) { + uint64_t counter = e.second.blocks; + if (g_defaultBPFFilter && e.second.bpf) { + counter += g_defaultBPFFilter->getHits(e.first.getNetwork()); + } + g_outputBuffer += (fmt % e.first.toString() % (e.second.until.tv_sec - now.tv_sec) % counter % (e.second.warning ? "true" : "false") % DNSAction::typeToString(e.second.action != DNSAction::Action::None ? e.second.action : g_dynBlockAction) % e.second.reason).str(); + } + } + auto slow2 = g_dynblockSMT.getCopy(); + slow2.visit([&now, &fmt](const SuffixMatchTree& node) { + if (now < node.d_value.until) { + string dom("empty"); + if (!node.d_value.domain.empty()) + dom = node.d_value.domain.toString(); + g_outputBuffer += (fmt % dom % (node.d_value.until.tv_sec - now.tv_sec) % node.d_value.blocks % (node.d_value.warning ? "true" : "false") % DNSAction::typeToString(node.d_value.action != DNSAction::Action::None ? node.d_value.action : g_dynBlockAction) % node.d_value.reason).str(); + } + }); + }); + + luaCtx.writeFunction("clearDynBlocks", []() { + setLuaSideEffect(); + nmts_t nmg; + g_dynblockNMG.setState(nmg); + SuffixMatchTree smt; + g_dynblockSMT.setState(smt); + }); + + luaCtx.writeFunction("addDynBlocks", + [](const std::unordered_map& m, const std::string& msg, boost::optional seconds, boost::optional action) { + if (m.empty()) { + return; + } + setLuaSideEffect(); + auto slow = g_dynblockNMG.getCopy(); + struct timespec until, now; + gettime(&now); + until = now; + int actualSeconds = seconds ? *seconds : 10; + until.tv_sec += actualSeconds; + for (const auto& capair : m) { + unsigned int count = 0; + /* this legacy interface does not support ranges or ports, use DynBlockRulesGroup instead */ + AddressAndPortRange requestor(capair.first, capair.first.isIPv4() ? 32 : 128, 0); + auto got = slow.lookup(requestor); + bool expired = false; + if (got) { + if (until < got->second.until) { + // had a longer policy + continue; + } + if (now < got->second.until) { + // only inherit count on fresh query we are extending + count = got->second.blocks; + } + else { + expired = true; + } + } + DynBlock db{msg, until, DNSName(), (action ? *action : DNSAction::Action::None)}; + db.blocks = count; + if (!got || expired) { + warnlog("Inserting dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg); + } + slow.insert(requestor).second = db; + } + g_dynblockNMG.setState(slow); + }); + + luaCtx.writeFunction("addDynBlockSMT", + [](const vector>& names, const std::string& msg, boost::optional seconds, boost::optional action) { + if (names.empty()) { + return; + } + setLuaSideEffect(); + auto slow = g_dynblockSMT.getCopy(); + struct timespec until, now; + gettime(&now); + until = now; + int actualSeconds = seconds ? *seconds : 10; + until.tv_sec += actualSeconds; + + for (const auto& capair : names) { + unsigned int count = 0; + DNSName domain(capair.second); + domain.makeUsLowerCase(); + auto got = slow.lookup(domain); + bool expired = false; + if (got) { + if (until < got->until) // had a longer policy + continue; + if (now < got->until) // only inherit count on fresh query we are extending + count = got->blocks; + else + expired = true; + } + + DynBlock db{msg, until, domain, (action ? *action : DNSAction::Action::None)}; + db.blocks = count; + if (!got || expired) + warnlog("Inserting dynamic block for %s for %d seconds: %s", domain, actualSeconds, msg); + slow.add(domain, std::move(db)); + } + g_dynblockSMT.setState(slow); + }); + + luaCtx.writeFunction("setDynBlocksAction", [](DNSAction::Action action) { + if (!g_configurationDone) { + if (action == DNSAction::Action::Drop || action == DNSAction::Action::NoOp || action == DNSAction::Action::Nxdomain || action == DNSAction::Action::Refused || action == DNSAction::Action::Truncate || action == DNSAction::Action::NoRecurse) { + g_dynBlockAction = action; + } + else { + errlog("Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!"); + g_outputBuffer = "Dynamic blocks action can only be Drop, NoOp, NXDomain, Refused, Truncate or NoRecurse!\n"; + } + } + else { + g_outputBuffer = "Dynamic blocks action cannot be altered at runtime!\n"; + } + }); + + luaCtx.writeFunction("setDynBlocksPurgeInterval", [](unsigned int interval) { + DynBlockMaintenance::s_expiredDynBlocksPurgeInterval = interval; + }); + + luaCtx.writeFunction("addDNSCryptBind", [](const std::string& addr, const std::string& providerName, boost::variant>> certFiles, boost::variant>> keyFiles, boost::optional vars) { + if (g_configurationDone) { + g_outputBuffer = "addDNSCryptBind cannot be used at runtime!\n"; + return; + } +#ifdef HAVE_DNSCRYPT + bool reusePort = false; + int tcpFastOpenQueueSize = 0; + int tcpListenQueueSize = 0; + size_t maxInFlightQueriesPerConn = 0; + size_t tcpMaxConcurrentConnections = 0; + std::string interface; + std::set cpus; + std::vector certKeys; + + parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections); + + if (certFiles.type() == typeid(std::string) && keyFiles.type() == typeid(std::string)) { + auto certFile = boost::get(certFiles); + auto keyFile = boost::get(keyFiles); + certKeys.push_back({certFile, keyFile}); + } + else if (certFiles.type() == typeid(std::vector>) && keyFiles.type() == typeid(std::vector>)) { + auto certFilesVect = boost::get>>(certFiles); + auto keyFilesVect = boost::get>>(keyFiles); + if (certFilesVect.size() == keyFilesVect.size()) { + for (size_t idx = 0; idx < certFilesVect.size(); idx++) { + certKeys.push_back({certFilesVect.at(idx).second, keyFilesVect.at(idx).second}); + } + } + else { + errlog("Error, mismatching number of certificates and keys in call to addDNSCryptBind!"); + g_outputBuffer = "Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"; + return; + } + } + else { + errlog("Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"); + g_outputBuffer = "Error, mismatching number of certificates and keys in call to addDNSCryptBind()!"; + return; + } + + try { + auto ctx = std::make_shared(providerName, certKeys); + + /* UDP */ + auto cs = std::make_unique(ComboAddress(addr, 443), false, reusePort, tcpFastOpenQueueSize, interface, cpus); + cs->dnscryptCtx = ctx; + g_dnsCryptLocals.push_back(ctx); + g_frontends.push_back(std::move(cs)); + + /* TCP */ + cs = std::make_unique(ComboAddress(addr, 443), true, reusePort, tcpFastOpenQueueSize, interface, cpus); + cs->dnscryptCtx = ctx; + if (tcpListenQueueSize > 0) { + cs->tcpListenQueueSize = tcpListenQueueSize; + } + if (maxInFlightQueriesPerConn > 0) { + cs->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn; + } + if (tcpMaxConcurrentConnections > 0) { + cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections; + } + + g_frontends.push_back(std::move(cs)); + } + catch (std::exception& e) { + errlog(e.what()); + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } +#else + g_outputBuffer = "Error: DNSCrypt support is not enabled.\n"; +#endif + }); + + luaCtx.writeFunction("showDNSCryptBinds", []() { + setLuaNoSideEffect(); +#ifdef HAVE_DNSCRYPT + ostringstream ret; + boost::format fmt("%1$-3d %2% %|25t|%3$-20.20s"); + ret << (fmt % "#" % "Address" % "Provider Name") << endl; + size_t idx = 0; + + std::unordered_set> contexts; + for (const auto& frontend : g_frontends) { + const std::shared_ptr ctx = frontend->dnscryptCtx; + if (!ctx || contexts.count(ctx) != 0) { + continue; + } + contexts.insert(ctx); + ret << (fmt % idx % frontend->local.toStringWithPort() % ctx->getProviderName()) << endl; + idx++; + } + + g_outputBuffer = ret.str(); +#else + g_outputBuffer = "Error: DNSCrypt support is not enabled.\n"; +#endif + }); + + luaCtx.writeFunction("getDNSCryptBind", [](size_t idx) { + setLuaNoSideEffect(); +#ifdef HAVE_DNSCRYPT + std::shared_ptr ret = nullptr; + if (idx < g_dnsCryptLocals.size()) { + ret = g_dnsCryptLocals.at(idx); + } + return ret; +#else + g_outputBuffer = "Error: DNSCrypt support is not enabled.\n"; +#endif + }); + + luaCtx.writeFunction("getDNSCryptBindCount", []() { + setLuaNoSideEffect(); + return g_dnsCryptLocals.size(); + }); + + luaCtx.writeFunction("generateDNSCryptProviderKeys", [client](const std::string& publicKeyFile, const std::string privateKeyFile) { + setLuaNoSideEffect(); +#ifdef HAVE_DNSCRYPT + if (client) { + return; + } + unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]; + unsigned char privateKey[DNSCRYPT_PROVIDER_PRIVATE_KEY_SIZE]; + sodium_mlock(privateKey, sizeof(privateKey)); + + try { + DNSCryptContext::generateProviderKeys(publicKey, privateKey); + + ofstream pubKStream(publicKeyFile); + pubKStream.write((char*)publicKey, sizeof(publicKey)); + pubKStream.close(); + + ofstream privKStream(privateKeyFile); + privKStream.write((char*)privateKey, sizeof(privateKey)); + privKStream.close(); + + g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n"; + } + catch (std::exception& e) { + errlog(e.what()); + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } + + sodium_memzero(privateKey, sizeof(privateKey)); + sodium_munlock(privateKey, sizeof(privateKey)); +#else + g_outputBuffer = "Error: DNSCrypt support is not enabled.\n"; +#endif + }); + + luaCtx.writeFunction("printDNSCryptProviderFingerprint", [](const std::string& publicKeyFile) { + setLuaNoSideEffect(); +#ifdef HAVE_DNSCRYPT + unsigned char publicKey[DNSCRYPT_PROVIDER_PUBLIC_KEY_SIZE]; + + try { + ifstream file(publicKeyFile); + file.read((char*)&publicKey, sizeof(publicKey)); + + if (file.fail()) + throw std::runtime_error("Invalid dnscrypt provider public key file " + publicKeyFile); + + file.close(); + g_outputBuffer = "Provider fingerprint is: " + DNSCryptContext::getProviderFingerprint(publicKey) + "\n"; + } + catch (std::exception& e) { + errlog(e.what()); + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } +#else + g_outputBuffer = "Error: DNSCrypt support is not enabled.\n"; +#endif + }); + +#ifdef HAVE_DNSCRYPT + luaCtx.writeFunction("generateDNSCryptCertificate", [client](const std::string& providerPrivateKeyFile, const std::string& certificateFile, const std::string privateKeyFile, uint32_t serial, time_t begin, time_t end, boost::optional version) { + setLuaNoSideEffect(); + if (client) { + return; + } + DNSCryptPrivateKey privateKey; + DNSCryptCert cert; + + try { + if (generateDNSCryptCertificate(providerPrivateKeyFile, serial, begin, end, version ? *version : DNSCryptExchangeVersion::VERSION1, cert, privateKey)) { + privateKey.saveToFile(privateKeyFile); + DNSCryptContext::saveCertFromFile(cert, certificateFile); + } + } + catch (const std::exception& e) { + errlog(e.what()); + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } + }); +#endif + + luaCtx.writeFunction("showPools", []() { + setLuaNoSideEffect(); + try { + ostringstream ret; + boost::format fmt("%1$-20.20s %|25t|%2$20s %|25t|%3$20s %|50t|%4%"); + // 1 2 3 4 + ret << (fmt % "Name" % "Cache" % "ServerPolicy" % "Servers") << endl; + + const auto localPools = g_pools.getCopy(); + for (const auto& entry : localPools) { + const string& name = entry.first; + const std::shared_ptr pool = entry.second; + string cache = pool->packetCache != nullptr ? pool->packetCache->toString() : ""; + string policy = g_policy.getLocal()->getName(); + if (pool->policy != nullptr) { + policy = pool->policy->getName(); + } + string servers; + + const auto poolServers = pool->getServers(); + for (const auto& server : *poolServers) { + if (!servers.empty()) { + servers += ", "; + } + if (!server.second->getName().empty()) { + servers += server.second->getName(); + servers += " "; + } + servers += server.second->remote.toStringWithPort(); + } + + ret << (fmt % name % cache % policy % servers) << endl; + } + g_outputBuffer = ret.str(); + } + catch (std::exception& e) { + g_outputBuffer = e.what(); + throw; + } + }); + + luaCtx.writeFunction("getPool", [client](const string& poolName) { + if (client) { + return std::make_shared(); + } + auto localPools = g_pools.getCopy(); + std::shared_ptr pool = createPoolIfNotExists(localPools, poolName); + g_pools.setState(localPools); + return pool; + }); + + luaCtx.writeFunction("setVerboseHealthChecks", [](bool verbose) { g_verboseHealthChecks = verbose; }); + luaCtx.writeFunction("setStaleCacheEntriesTTL", [](uint64_t ttl) { + checkParameterBound("setStaleCacheEntriesTTL", ttl, std::numeric_limits::max()); + g_staleCacheEntriesTTL = ttl; + }); + + luaCtx.writeFunction("showBinds", []() { + setLuaNoSideEffect(); + try { + ostringstream ret; + boost::format fmt("%1$-3d %2$-20.20s %|35t|%3$-20.20s %|57t|%4%"); + // 1 2 3 4 + ret << (fmt % "#" % "Address" % "Protocol" % "Queries") << endl; + + size_t counter = 0; + for (const auto& front : g_frontends) { + ret << (fmt % counter % front->local.toStringWithPort() % front->getType() % front->queries) << endl; + counter++; + } + g_outputBuffer = ret.str(); + } + catch (std::exception& e) { + g_outputBuffer = e.what(); + throw; + } + }); + + luaCtx.writeFunction("getBind", [](size_t num) { + setLuaNoSideEffect(); + ClientState* ret = nullptr; + if (num < g_frontends.size()) { + ret = g_frontends[num].get(); + } + return ret; + }); + + luaCtx.writeFunction("getBindCount", []() { + setLuaNoSideEffect(); + return g_frontends.size(); + }); + + luaCtx.writeFunction("help", [](boost::optional command) { + setLuaNoSideEffect(); + g_outputBuffer = ""; + for (const auto& keyword : g_consoleKeywords) { + if (!command) { + g_outputBuffer += keyword.toString() + "\n"; + } + else if (keyword.name == command) { + g_outputBuffer = keyword.toString() + "\n"; + return; + } + } + if (command) { + g_outputBuffer = "Nothing found for " + *command + "\n"; + } + }); + + luaCtx.writeFunction("showVersion", []() { + setLuaNoSideEffect(); + g_outputBuffer = "dnsdist " + std::string(VERSION) + "\n"; + }); + + luaCtx.writeFunction("showSecurityStatus", []() { + setLuaNoSideEffect(); + g_outputBuffer = std::to_string(g_stats.securityStatus) + "\n"; + }); + +#ifdef HAVE_EBPF + luaCtx.writeFunction("setDefaultBPFFilter", [](std::shared_ptr bpf) { + if (g_configurationDone) { + g_outputBuffer = "setDefaultBPFFilter() cannot be used at runtime!\n"; + return; + } + g_defaultBPFFilter = bpf; + }); + + luaCtx.writeFunction("registerDynBPFFilter", [](std::shared_ptr dbpf) { + if (dbpf) { + g_dynBPFFilters.push_back(dbpf); + } + }); + + luaCtx.writeFunction("unregisterDynBPFFilter", [](std::shared_ptr dbpf) { + if (dbpf) { + for (auto it = g_dynBPFFilters.begin(); it != g_dynBPFFilters.end(); it++) { + if (*it == dbpf) { + g_dynBPFFilters.erase(it); + break; + } + } + } + }); + + luaCtx.writeFunction("addBPFFilterDynBlocks", [](const std::unordered_map& m, std::shared_ptr dynbpf, boost::optional seconds, boost::optional msg) { + if (!dynbpf) { + return; + } + setLuaSideEffect(); + struct timespec until, now; + clock_gettime(CLOCK_MONOTONIC, &now); + until = now; + int actualSeconds = seconds ? *seconds : 10; + until.tv_sec += actualSeconds; + for (const auto& capair : m) { + if (dynbpf->block(capair.first, until)) { + warnlog("Inserting eBPF dynamic block for %s for %d seconds: %s", capair.first.toString(), actualSeconds, msg ? *msg : ""); + } + } + }); + +#endif /* HAVE_EBPF */ + + luaCtx.writeFunction()>("getStatisticsCounters", []() { + setLuaNoSideEffect(); + std::unordered_map res; + for (const auto& entry : g_stats.entries) { + if (const auto& val = boost::get(&entry.second)) + res[entry.first] = (*val)->load(); + } + return res; + }); + + luaCtx.writeFunction("includeDirectory", [&luaCtx](const std::string& dirname) { + if (g_configurationDone) { + errlog("includeDirectory() cannot be used at runtime!"); + g_outputBuffer = "includeDirectory() cannot be used at runtime!\n"; + return; + } + + if (g_included) { + errlog("includeDirectory() cannot be used recursively!"); + g_outputBuffer = "includeDirectory() cannot be used recursively!\n"; + return; + } + + struct stat st; + if (stat(dirname.c_str(), &st)) { + errlog("The included directory %s does not exist!", dirname.c_str()); + g_outputBuffer = "The included directory " + dirname + " does not exist!"; + return; + } + + if (!S_ISDIR(st.st_mode)) { + errlog("The included directory %s is not a directory!", dirname.c_str()); + g_outputBuffer = "The included directory " + dirname + " is not a directory!"; + return; + } + + DIR* dirp; + struct dirent* ent; + std::list files; + if (!(dirp = opendir(dirname.c_str()))) { + errlog("Error opening the included directory %s!", dirname.c_str()); + g_outputBuffer = "Error opening the included directory " + dirname + "!"; + return; + } + + while ((ent = readdir(dirp)) != NULL) { + if (ent->d_name[0] == '.') { + continue; + } + + if (boost::ends_with(ent->d_name, ".conf")) { + std::ostringstream namebuf; + namebuf << dirname.c_str() << "/" << ent->d_name; + + if (stat(namebuf.str().c_str(), &st) || !S_ISREG(st.st_mode)) { + continue; + } + + files.push_back(namebuf.str()); + } + } + + closedir(dirp); + files.sort(); + + g_included = true; + + for (auto file = files.begin(); file != files.end(); ++file) { + std::ifstream ifs(*file); + if (!ifs) { + warnlog("Unable to read configuration from '%s'", *file); + } + else { + vinfolog("Read configuration from '%s'", *file); + } + + try { + luaCtx.executeCode(ifs); + } + catch (...) { + g_included = false; + throw; + } + + luaCtx.executeCode(ifs); + } + + g_included = false; + }); + + luaCtx.writeFunction("setAPIWritable", [](bool writable, boost::optional apiConfigDir) { + setLuaSideEffect(); + g_apiReadWrite = writable; + if (apiConfigDir) { + if (!(*apiConfigDir).empty()) { + g_apiConfigDirectory = *apiConfigDir; + } + else { + errlog("The API configuration directory value cannot be empty!"); + g_outputBuffer = "The API configuration directory value cannot be empty!"; + } + } + }); + + luaCtx.writeFunction("setServFailWhenNoServer", [](bool servfail) { + setLuaSideEffect(); + g_servFailOnNoPolicy = servfail; + }); + + luaCtx.writeFunction("setRoundRobinFailOnNoServer", [](bool fail) { + setLuaSideEffect(); + g_roundrobinFailOnNoServer = fail; + }); + + luaCtx.writeFunction("setConsistentHashingBalancingFactor", [](double factor) { + setLuaSideEffect(); + if (factor >= 1.0) { + g_consistentHashBalancingFactor = factor; + } + else { + errlog("Invalid value passed to setConsistentHashingBalancingFactor()!"); + g_outputBuffer = "Invalid value passed to setConsistentHashingBalancingFactor()!\n"; + return; + } + }); + + luaCtx.writeFunction("setWeightedBalancingFactor", [](double factor) { + setLuaSideEffect(); + if (factor >= 1.0) { + g_weightedBalancingFactor = factor; + } + else { + errlog("Invalid value passed to setWeightedBalancingFactor()!"); + g_outputBuffer = "Invalid value passed to setWeightedBalancingFactor()!\n"; + return; + } + }); + + luaCtx.writeFunction("setRingBuffersSize", [client](size_t capacity, boost::optional numberOfShards) { + setLuaSideEffect(); + if (g_configurationDone) { + errlog("setRingBuffersSize() cannot be used at runtime!"); + g_outputBuffer = "setRingBuffersSize() cannot be used at runtime!\n"; + return; + } + if (!client) { + g_rings.setCapacity(capacity, numberOfShards ? *numberOfShards : 10); + } + else { + g_rings.setCapacity(0, 1); + } + }); + + luaCtx.writeFunction("setRingBuffersLockRetries", [](size_t retries) { + setLuaSideEffect(); + g_rings.setNumberOfLockRetries(retries); + }); + + luaCtx.writeFunction("setWHashedPertubation", [](uint64_t perturb) { + setLuaSideEffect(); + checkParameterBound("setWHashedPertubation", perturb, std::numeric_limits::max()); + g_hashperturb = perturb; + }); + + luaCtx.writeFunction("setTCPInternalPipeBufferSize", [](size_t size) { g_tcpInternalPipeBufferSize = size; }); + + luaCtx.writeFunction("snmpAgent", [client, configCheck](bool enableTraps, boost::optional daemonSocket) { + if (client || configCheck) + return; +#ifdef HAVE_NET_SNMP + if (g_configurationDone) { + errlog("snmpAgent() cannot be used at runtime!"); + g_outputBuffer = "snmpAgent() cannot be used at runtime!\n"; + return; + } + + if (g_snmpEnabled) { + errlog("snmpAgent() cannot be used twice!"); + g_outputBuffer = "snmpAgent() cannot be used twice!\n"; + return; + } + + g_snmpEnabled = true; + g_snmpTrapsEnabled = enableTraps; + g_snmpAgent = new DNSDistSNMPAgent("dnsdist", daemonSocket ? *daemonSocket : std::string()); +#else + errlog("NET SNMP support is required to use snmpAgent()"); + g_outputBuffer = "NET SNMP support is required to use snmpAgent()\n"; +#endif /* HAVE_NET_SNMP */ + }); + + luaCtx.writeFunction("sendCustomTrap", [](const std::string& str) { + if (g_snmpAgent && g_snmpTrapsEnabled) { + g_snmpAgent->sendCustomTrap(str); + } + }); + + luaCtx.writeFunction("setServerPolicy", [](const ServerPolicy& policy) { + setLuaSideEffect(); + g_policy.setState(policy); + }); + + luaCtx.writeFunction("setServerPolicyLua", [](string name, ServerPolicy::policyfunc_t policy) { + setLuaSideEffect(); + g_policy.setState(ServerPolicy{name, policy, true}); + }); + + luaCtx.writeFunction("setServerPolicyLuaFFI", [](string name, ServerPolicy::ffipolicyfunc_t policy) { + setLuaSideEffect(); + auto pol = ServerPolicy(name, policy); + g_policy.setState(std::move(pol)); + }); + + luaCtx.writeFunction("setServerPolicyLuaFFIPerThread", [](string name, const std::string& policyCode) { + setLuaSideEffect(); + auto pol = ServerPolicy(name, policyCode); + g_policy.setState(std::move(pol)); + }); + + luaCtx.writeFunction("showServerPolicy", []() { + setLuaSideEffect(); + g_outputBuffer = g_policy.getLocal()->getName() + "\n"; + }); + + luaCtx.writeFunction("setPoolServerPolicy", [](ServerPolicy policy, string pool) { + setLuaSideEffect(); + auto localPools = g_pools.getCopy(); + setPoolPolicy(localPools, pool, std::make_shared(policy)); + g_pools.setState(localPools); + }); + + luaCtx.writeFunction("setPoolServerPolicyLua", [](string name, ServerPolicy::policyfunc_t policy, string pool) { + setLuaSideEffect(); + auto localPools = g_pools.getCopy(); + setPoolPolicy(localPools, pool, std::make_shared(ServerPolicy{name, policy, true})); + g_pools.setState(localPools); + }); + + luaCtx.writeFunction("setPoolServerPolicyLuaFFI", [](string name, ServerPolicy::ffipolicyfunc_t policy, string pool) { + setLuaSideEffect(); + auto localPools = g_pools.getCopy(); + setPoolPolicy(localPools, pool, std::make_shared(ServerPolicy{name, policy})); + g_pools.setState(localPools); + }); + + luaCtx.writeFunction("setPoolServerPolicyLuaFFIPerThread", [](string name, const std::string& policyCode, string pool) { + setLuaSideEffect(); + auto localPools = g_pools.getCopy(); + setPoolPolicy(localPools, pool, std::make_shared(ServerPolicy{name, policyCode})); + g_pools.setState(localPools); + }); + + luaCtx.writeFunction("showPoolServerPolicy", [](string pool) { + setLuaSideEffect(); + auto localPools = g_pools.getCopy(); + auto poolObj = getPool(localPools, pool); + if (poolObj->policy == nullptr) { + g_outputBuffer = g_policy.getLocal()->getName() + "\n"; + } + else { + g_outputBuffer = poolObj->policy->getName() + "\n"; + } + }); + + luaCtx.writeFunction("setTCPDownstreamCleanupInterval", [](uint64_t interval) { + setLuaSideEffect(); + checkParameterBound("setTCPDownstreamCleanupInterval", interval); + DownstreamTCPConnectionsManager::setCleanupInterval(interval); + }); + + luaCtx.writeFunction("setDoHDownstreamCleanupInterval", [](uint64_t interval) { + setLuaSideEffect(); + checkParameterBound("setDoHDownstreamCleanupInterval", interval); + setDoHDownstreamCleanupInterval(interval); + }); + + luaCtx.writeFunction("setTCPDownstreamMaxIdleTime", [](uint64_t max) { + setLuaSideEffect(); + checkParameterBound("setTCPDownstreamMaxIdleTime", max); + DownstreamTCPConnectionsManager::setMaxIdleTime(max); + }); + + luaCtx.writeFunction("setDoHDownstreamMaxIdleTime", [](uint64_t max) { + setLuaSideEffect(); + checkParameterBound("setDoHDownstreamMaxIdleTime", max); + setDoHDownstreamMaxIdleTime(max); + }); + + luaCtx.writeFunction("setConsoleConnectionsLogging", [](bool enabled) { + g_logConsoleConnections = enabled; + }); + + luaCtx.writeFunction("setConsoleOutputMaxMsgSize", [](uint64_t size) { + checkParameterBound("setConsoleOutputMaxMsgSize", size, std::numeric_limits::max()); + g_consoleOutputMsgMaxSize = size; + }); + + luaCtx.writeFunction("setProxyProtocolACL", [](boost::variant>> inp) { + if (g_configurationDone) { + errlog("setProxyProtocolACL() cannot be used at runtime!"); + g_outputBuffer = "setProxyProtocolACL() cannot be used at runtime!\n"; + return; + } + setLuaSideEffect(); + NetmaskGroup nmg; + if (auto str = boost::get(&inp)) { + nmg.addMask(*str); + } + else { + for (const auto& p : boost::get>>(inp)) { + nmg.addMask(p.second); + } + } + g_proxyProtocolACL = std::move(nmg); + }); + + luaCtx.writeFunction("setProxyProtocolApplyACLToProxiedClients", [](bool apply) { + if (g_configurationDone) { + errlog("setProxyProtocolApplyACLToProxiedClients() cannot be used at runtime!"); + g_outputBuffer = "setProxyProtocolApplyACLToProxiedClients() cannot be used at runtime!\n"; + return; + } + setLuaSideEffect(); + g_applyACLToProxiedClients = apply; + }); + + luaCtx.writeFunction("setProxyProtocolMaximumPayloadSize", [](size_t size) { + if (g_configurationDone) { + errlog("setProxyProtocolMaximumPayloadSize() cannot be used at runtime!"); + g_outputBuffer = "setProxyProtocolMaximumPayloadSize() cannot be used at runtime!\n"; + return; + } + setLuaSideEffect(); + g_proxyProtocolMaximumSize = std::max(static_cast(16), size); + }); + + luaCtx.writeFunction("setUDPMultipleMessagesVectorSize", [](size_t vSize) { + if (g_configurationDone) { + errlog("setUDPMultipleMessagesVectorSize() cannot be used at runtime!"); + g_outputBuffer = "setUDPMultipleMessagesVectorSize() cannot be used at runtime!\n"; + return; + } +#if defined(HAVE_RECVMMSG) && defined(HAVE_SENDMMSG) && defined(MSG_WAITFORONE) + setLuaSideEffect(); + g_udpVectorSize = vSize; +#else + errlog("recvmmsg() support is not available!"); + g_outputBuffer = "recvmmsg support is not available!\n"; +#endif + }); + + luaCtx.writeFunction("setAddEDNSToSelfGeneratedResponses", [](bool add) { + g_addEDNSToSelfGeneratedResponses = add; + }); + + luaCtx.writeFunction("setPayloadSizeOnSelfGeneratedAnswers", [](uint16_t payloadSize) { + if (payloadSize < 512) { + warnlog("setPayloadSizeOnSelfGeneratedAnswers() is set too low, using 512 instead!"); + g_outputBuffer = "setPayloadSizeOnSelfGeneratedAnswers() is set too low, using 512 instead!"; + payloadSize = 512; + } + if (payloadSize > s_udpIncomingBufferSize) { + warnlog("setPayloadSizeOnSelfGeneratedAnswers() is set too high, capping to %d instead!", s_udpIncomingBufferSize); + g_outputBuffer = "setPayloadSizeOnSelfGeneratedAnswers() is set too high, capping to " + std::to_string(s_udpIncomingBufferSize) + " instead"; + payloadSize = s_udpIncomingBufferSize; + } + g_PayloadSizeSelfGenAnswers = payloadSize; + }); + + luaCtx.writeFunction("setSecurityPollSuffix", [](const std::string& suffix) { + if (g_configurationDone) { + g_outputBuffer = "setSecurityPollSuffix() cannot be used at runtime!\n"; + return; + } + + g_secPollSuffix = suffix; + }); + + luaCtx.writeFunction("setSecurityPollInterval", [](time_t newInterval) { + if (newInterval <= 0) { + warnlog("setSecurityPollInterval() should be > 0, skipping"); + g_outputBuffer = "setSecurityPollInterval() should be > 0, skipping"; + } + + g_secPollInterval = newInterval; + }); + + luaCtx.writeFunction("setSyslogFacility", [](boost::variant facility) { + setLuaSideEffect(); + if (g_configurationDone) { + g_outputBuffer = "setSyslogFacility cannot be used at runtime!\n"; + return; + } + if (facility.type() == typeid(std::string)) { + static std::map const facilities = { + {"local0", LOG_LOCAL0}, + {"log_local0", LOG_LOCAL0}, + {"local1", LOG_LOCAL1}, + {"log_local1", LOG_LOCAL1}, + {"local2", LOG_LOCAL2}, + {"log_local2", LOG_LOCAL2}, + {"local3", LOG_LOCAL3}, + {"log_local3", LOG_LOCAL3}, + {"local4", LOG_LOCAL4}, + {"log_local4", LOG_LOCAL4}, + {"local5", LOG_LOCAL5}, + {"log_local5", LOG_LOCAL5}, + {"local6", LOG_LOCAL6}, + {"log_local6", LOG_LOCAL6}, + {"local7", LOG_LOCAL7}, + {"log_local7", LOG_LOCAL7}, + /* most of these likely make very little sense + for dnsdist, but why not? */ + {"kern", LOG_KERN}, + {"log_kern", LOG_KERN}, + {"user", LOG_USER}, + {"log_user", LOG_USER}, + {"mail", LOG_MAIL}, + {"log_mail", LOG_MAIL}, + {"daemon", LOG_DAEMON}, + {"log_daemon", LOG_DAEMON}, + {"auth", LOG_AUTH}, + {"log_auth", LOG_AUTH}, + {"syslog", LOG_SYSLOG}, + {"log_syslog", LOG_SYSLOG}, + {"lpr", LOG_LPR}, + {"log_lpr", LOG_LPR}, + {"news", LOG_NEWS}, + {"log_news", LOG_NEWS}, + {"uucp", LOG_UUCP}, + {"log_uucp", LOG_UUCP}, + {"cron", LOG_CRON}, + {"log_cron", LOG_CRON}, + {"authpriv", LOG_AUTHPRIV}, + {"log_authpriv", LOG_AUTHPRIV}, + {"ftp", LOG_FTP}, + {"log_ftp", LOG_FTP}}; + auto facilityStr = boost::get(facility); + toLowerInPlace(facilityStr); + auto it = facilities.find(facilityStr); + if (it == facilities.end()) { + g_outputBuffer = "Unknown facility '" + facilityStr + "' passed to setSyslogFacility()!\n"; + return; + } + setSyslogFacility(it->second); + } + else { + setSyslogFacility(boost::get(facility)); + } + }); + + luaCtx.writeFunction("addDOHLocal", [client](const std::string& addr, boost::optional>>> certFiles, boost::optional>>> keyFiles, boost::optional>>> urls, boost::optional vars) { + if (client) { + return; + } +#ifdef HAVE_DNS_OVER_HTTPS + setLuaSideEffect(); + if (g_configurationDone) { + g_outputBuffer = "addDOHLocal cannot be used at runtime!\n"; + return; + } + auto frontend = std::make_shared(); + + if (certFiles && !certFiles->empty() && keyFiles && !keyFiles->empty()) { + if (!loadTLSCertificateAndKeys("addDOHLocal", frontend->d_tlsConfig.d_certKeyPairs, *certFiles, *keyFiles)) { + return; + } + + frontend->d_local = ComboAddress(addr, 443); + } + else { + frontend->d_local = ComboAddress(addr, 80); + infolog("No certificate provided for DoH endpoint %s, running in DNS over HTTP mode instead of DNS over HTTPS", frontend->d_local.toStringWithPort()); + } + + if (urls) { + if (urls->type() == typeid(std::string)) { + frontend->d_urls.push_back(boost::get(*urls)); + } + else if (urls->type() == typeid(std::vector>)) { + auto urlsVect = boost::get>>(*urls); + for (const auto& p : urlsVect) { + frontend->d_urls.push_back(p.second); + } + } + } + else { + frontend->d_urls = {"/dns-query"}; + } + + bool reusePort = false; + int tcpFastOpenQueueSize = 0; + int tcpListenQueueSize = 0; + size_t maxInFlightQueriesPerConn = 0; + size_t tcpMaxConcurrentConnections = 0; + std::string interface; + std::set cpus; + + if (vars) { + parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConnections); + + if (vars->count("idleTimeout")) { + frontend->d_idleTimeout = boost::get((*vars)["idleTimeout"]); + } + + if (vars->count("serverTokens")) { + frontend->d_serverTokens = boost::get((*vars)["serverTokens"]); + } + + if (vars->count("customResponseHeaders")) { + for (auto const& headerMap : boost::get>((*vars).at("customResponseHeaders"))) { + frontend->d_customResponseHeaders.emplace_back(boost::to_lower_copy(headerMap.first), headerMap.second); + } + } + + if (vars->count("sendCacheControlHeaders")) { + frontend->d_sendCacheControlHeaders = boost::get((*vars)["sendCacheControlHeaders"]); + } + + if (vars->count("trustForwardedForHeader")) { + frontend->d_trustForwardedForHeader = boost::get((*vars)["trustForwardedForHeader"]); + } + + if (vars->count("internalPipeBufferSize")) { + frontend->d_internalPipeBufferSize = boost::get((*vars)["internalPipeBufferSize"]); + } + + if (vars->count("exactPathMatching")) { + frontend->d_exactPathMatching = boost::get((*vars)["exactPathMatching"]); + } + + parseTLSConfig(frontend->d_tlsConfig, "addDOHLocal", vars); + } + g_dohlocals.push_back(frontend); + auto cs = std::make_unique(frontend->d_local, true, reusePort, tcpFastOpenQueueSize, interface, cpus); + cs->dohFrontend = frontend; + if (tcpListenQueueSize > 0) { + cs->tcpListenQueueSize = tcpListenQueueSize; + } + if (tcpMaxConcurrentConnections > 0) { + cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConnections; + } + g_frontends.push_back(std::move(cs)); +#else + throw std::runtime_error("addDOHLocal() called but DNS over HTTPS support is not present!"); +#endif + }); + + luaCtx.writeFunction("showDOHFrontends", []() { +#ifdef HAVE_DNS_OVER_HTTPS + setLuaNoSideEffect(); + try { + ostringstream ret; + boost::format fmt("%-3d %-20.20s %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d %-15d"); + ret << (fmt % "#" % "Address" % "HTTP" % "HTTP/1" % "HTTP/2" % "GET" % "POST" % "Bad" % "Errors" % "Redirects" % "Valid" % "# ticket keys" % "Rotation delay" % "Next rotation") << endl; + size_t counter = 0; + for (const auto& ctx : g_dohlocals) { + ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_httpconnects % ctx->d_http1Stats.d_nbQueries % ctx->d_http2Stats.d_nbQueries % ctx->d_getqueries % ctx->d_postqueries % ctx->d_badrequests % ctx->d_errorresponses % ctx->d_redirectresponses % ctx->d_validresponses % ctx->getTicketsKeysCount() % ctx->getTicketsKeyRotationDelay() % ctx->getNextTicketsKeyRotation()) << endl; + counter++; + } + g_outputBuffer = ret.str(); + } + catch (const std::exception& e) { + g_outputBuffer = e.what(); + throw; + } +#else + g_outputBuffer = "DNS over HTTPS support is not present!\n"; +#endif + }); + + luaCtx.writeFunction("showDOHResponseCodes", []() { +#ifdef HAVE_DNS_OVER_HTTPS + setLuaNoSideEffect(); + try { + ostringstream ret; + boost::format fmt("%-3d %-20.20s %-15d %-15d %-15d %-15d %-15d %-15d"); + g_outputBuffer = "\n- HTTP/1:\n\n"; + ret << (fmt % "#" % "Address" % "200" % "400" % "403" % "500" % "502" % "Others") << endl; + size_t counter = 0; + for (const auto& ctx : g_dohlocals) { + ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_http1Stats.d_nb200Responses % ctx->d_http1Stats.d_nb400Responses % ctx->d_http1Stats.d_nb403Responses % ctx->d_http1Stats.d_nb500Responses % ctx->d_http1Stats.d_nb502Responses % ctx->d_http1Stats.d_nbOtherResponses) << endl; + counter++; + } + g_outputBuffer += ret.str(); + ret.str(""); + + g_outputBuffer += "\n- HTTP/2:\n\n"; + ret << (fmt % "#" % "Address" % "200" % "400" % "403" % "500" % "502" % "Others") << endl; + counter = 0; + for (const auto& ctx : g_dohlocals) { + ret << (fmt % counter % ctx->d_local.toStringWithPort() % ctx->d_http2Stats.d_nb200Responses % ctx->d_http2Stats.d_nb400Responses % ctx->d_http2Stats.d_nb403Responses % ctx->d_http2Stats.d_nb500Responses % ctx->d_http2Stats.d_nb502Responses % ctx->d_http2Stats.d_nbOtherResponses) << endl; + counter++; + } + g_outputBuffer += ret.str(); + } + catch (const std::exception& e) { + g_outputBuffer = e.what(); + throw; + } +#else + g_outputBuffer = "DNS over HTTPS support is not present!\n"; +#endif + }); + + luaCtx.writeFunction("getDOHFrontend", [client](size_t index) { + std::shared_ptr result = nullptr; + if (client) { + return result; + } +#ifdef HAVE_DNS_OVER_HTTPS + setLuaNoSideEffect(); + try { + if (index < g_dohlocals.size()) { + result = g_dohlocals.at(index); + } + else { + errlog("Error: trying to get DOH frontend with index %zu but we only have %zu frontend(s)\n", index, g_dohlocals.size()); + g_outputBuffer = "Error: trying to get DOH frontend with index " + std::to_string(index) + " but we only have " + std::to_string(g_dohlocals.size()) + " frontend(s)\n"; + } + } + catch (const std::exception& e) { + g_outputBuffer = "Error while trying to get DOH frontend with index " + std::to_string(index) + ": " + string(e.what()) + "\n"; + errlog("Error while trying to get DOH frontend with index %zu: %s\n", index, string(e.what())); + } +#else + g_outputBuffer="DNS over HTTPS support is not present!\n"; +#endif + return result; + }); + + luaCtx.writeFunction("getDOHFrontendCount", []() { + setLuaNoSideEffect(); + return g_dohlocals.size(); + }); + + luaCtx.registerFunction::*)()>("reloadCertificates", [](std::shared_ptr frontend) { + if (frontend != nullptr) { + frontend->reloadCertificates(); + } + }); + + luaCtx.registerFunction::*)(boost::variant>> certFiles, boost::variant>> keyFiles)>("loadNewCertificatesAndKeys", [](std::shared_ptr frontend, boost::variant>> certFiles, boost::variant>> keyFiles) { +#ifdef HAVE_DNS_OVER_HTTPS + if (frontend != nullptr) { + if (loadTLSCertificateAndKeys("DOHFrontend::loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) { + frontend->reloadCertificates(); + } + } +#endif + }); + + luaCtx.registerFunction::*)()>("rotateTicketsKey", [](std::shared_ptr frontend) { + if (frontend != nullptr) { + frontend->rotateTicketsKey(time(nullptr)); + } + }); + + luaCtx.registerFunction::*)(const std::string&)>("loadTicketsKeys", [](std::shared_ptr frontend, const std::string& file) { + if (frontend != nullptr) { + frontend->loadTicketsKeys(file); + } + }); + + luaCtx.registerFunction::*)(const std::map>&)>("setResponsesMap", [](std::shared_ptr frontend, const std::map>& map) { + if (frontend != nullptr) { + auto newMap = std::make_shared>>(); + newMap->reserve(map.size()); + + for (const auto& entry : map) { + newMap->push_back(entry.second); + } + + frontend->d_responsesMap = std::move(newMap); + } + }); + + luaCtx.registerFunction::*)() const>("getAddressAndPort", [](const std::shared_ptr& frontend) { + if (frontend == nullptr) { + return std::string(); + } + return frontend->d_local.toStringWithPort(); + }); + + luaCtx.writeFunction("addTLSLocal", [client](const std::string& addr, boost::variant>> certFiles, boost::variant>> keyFiles, boost::optional vars) { + if (client) { + return; + } +#ifdef HAVE_DNS_OVER_TLS + setLuaSideEffect(); + if (g_configurationDone) { + g_outputBuffer = "addTLSLocal cannot be used at runtime!\n"; + return; + } + shared_ptr frontend = std::make_shared(); + + if (!loadTLSCertificateAndKeys("addTLSLocal", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) { + return; + } + + bool reusePort = false; + int tcpFastOpenQueueSize = 0; + int tcpListenQueueSize = 0; + size_t maxInFlightQueriesPerConn = 0; + size_t tcpMaxConcurrentConns = 0; + std::string interface; + std::set cpus; + + if (vars) { + parseLocalBindVars(vars, reusePort, tcpFastOpenQueueSize, interface, cpus, tcpListenQueueSize, maxInFlightQueriesPerConn, tcpMaxConcurrentConns); + + if (vars->count("provider")) { + frontend->d_provider = boost::get((*vars)["provider"]); + boost::algorithm::to_lower(frontend->d_provider); + } + + parseTLSConfig(frontend->d_tlsConfig, "addTLSLocal", vars); + } + + try { + frontend->d_addr = ComboAddress(addr, 853); + if (!frontend->d_provider.empty()) { + vinfolog("Loading TLS provider '%s'", frontend->d_provider); + } + else { +#ifdef HAVE_LIBSSL + vinfolog("Loading default TLS provider 'openssl'"); +#else + vinfolog("Loading default TLS provider 'gnutls'"); +#endif + } + // only works pre-startup, so no sync necessary + auto cs = std::make_unique(frontend->d_addr, true, reusePort, tcpFastOpenQueueSize, interface, cpus); + cs->tlsFrontend = frontend; + if (tcpListenQueueSize > 0) { + cs->tcpListenQueueSize = tcpListenQueueSize; + } + if (maxInFlightQueriesPerConn > 0) { + cs->d_maxInFlightQueriesPerConn = maxInFlightQueriesPerConn; + } + if (tcpMaxConcurrentConns > 0) { + cs->d_tcpConcurrentConnectionsLimit = tcpMaxConcurrentConns; + } + + g_tlslocals.push_back(cs->tlsFrontend); + g_frontends.push_back(std::move(cs)); + } + catch (const std::exception& e) { + g_outputBuffer = "Error: " + string(e.what()) + "\n"; + } +#else + throw std::runtime_error("addTLSLocal() called but DNS over TLS support is not present!"); +#endif + }); + + luaCtx.writeFunction("showTLSContexts", []() { +#ifdef HAVE_DNS_OVER_TLS + setLuaNoSideEffect(); + try { + ostringstream ret; + boost::format fmt("%1$-3d %2$-20.20s %|25t|%3$-14d %|40t|%4$-14d %|54t|%5$-21.21s"); + // 1 2 3 4 5 + ret << (fmt % "#" % "Address" % "# ticket keys" % "Rotation delay" % "Next rotation") << endl; + size_t counter = 0; + for (const auto& ctx : g_tlslocals) { + ret << (fmt % counter % ctx->d_addr.toStringWithPort() % ctx->getTicketsKeysCount() % ctx->getTicketsKeyRotationDelay() % ctx->getNextTicketsKeyRotation()) << endl; + counter++; + } + g_outputBuffer = ret.str(); + } + catch (const std::exception& e) { + g_outputBuffer = e.what(); + throw; + } +#else + g_outputBuffer = "DNS over TLS support is not present!\n"; +#endif + }); + + luaCtx.writeFunction("getTLSContext", [](size_t index) { + std::shared_ptr result = nullptr; +#ifdef HAVE_DNS_OVER_TLS + setLuaNoSideEffect(); + try { + if (index < g_tlslocals.size()) { + result = g_tlslocals.at(index)->getContext(); + } + else { + errlog("Error: trying to get TLS context with index %zu but we only have %zu context(s)\n", index, g_tlslocals.size()); + g_outputBuffer = "Error: trying to get TLS context with index " + std::to_string(index) + " but we only have " + std::to_string(g_tlslocals.size()) + " context(s)\n"; + } + } + catch (const std::exception& e) { + g_outputBuffer = "Error while trying to get TLS context with index " + std::to_string(index) + ": " + string(e.what()) + "\n"; + errlog("Error while trying to get TLS context with index %zu: %s\n", index, string(e.what())); + } +#else + g_outputBuffer="DNS over TLS support is not present!\n"; +#endif + return result; + }); + + luaCtx.writeFunction("getTLSFrontend", [](size_t index) { + std::shared_ptr result = nullptr; +#ifdef HAVE_DNS_OVER_TLS + setLuaNoSideEffect(); + try { + if (index < g_tlslocals.size()) { + result = g_tlslocals.at(index); + } + else { + errlog("Error: trying to get TLS frontend with index %zu but we only have %zu frontends\n", index, g_tlslocals.size()); + g_outputBuffer = "Error: trying to get TLS frontend with index " + std::to_string(index) + " but we only have " + std::to_string(g_tlslocals.size()) + " frontend(s)\n"; + } + } + catch (const std::exception& e) { + g_outputBuffer = "Error while trying to get TLS frontend with index " + std::to_string(index) + ": " + string(e.what()) + "\n"; + errlog("Error while trying to get TLS frontend with index %zu: %s\n", index, string(e.what())); + } +#else + g_outputBuffer="DNS over TLS support is not present!\n"; +#endif + return result; + }); + + luaCtx.writeFunction("getTLSFrontendCount", []() { + setLuaNoSideEffect(); + return g_tlslocals.size(); + }); + + luaCtx.registerFunction::*)()>("rotateTicketsKey", [](std::shared_ptr& ctx) { + if (ctx != nullptr) { + ctx->rotateTicketsKey(time(nullptr)); + } + }); + + luaCtx.registerFunction::*)(const std::string&)>("loadTicketsKeys", [](std::shared_ptr& ctx, const std::string& file) { + if (ctx != nullptr) { + ctx->loadTicketsKeys(file); + } + }); + + luaCtx.registerFunction::*)() const>("getAddressAndPort", [](const std::shared_ptr& frontend) { + if (frontend == nullptr) { + return std::string(); + } + return frontend->d_addr.toStringWithPort(); + }); + + luaCtx.registerFunction::*)()>("rotateTicketsKey", [](std::shared_ptr& frontend) { + if (frontend == nullptr) { + return; + } + auto ctx = frontend->getContext(); + if (ctx) { + ctx->rotateTicketsKey(time(nullptr)); + } + }); + + luaCtx.registerFunction::*)(const std::string&)>("loadTicketsKeys", [](std::shared_ptr& frontend, const std::string& file) { + if (frontend == nullptr) { + return; + } + auto ctx = frontend->getContext(); + if (ctx) { + ctx->loadTicketsKeys(file); + } + }); + + luaCtx.registerFunction::*)()>("reloadCertificates", [](std::shared_ptr& frontend) { + if (frontend == nullptr) { + return; + } + frontend->setupTLS(); + }); + + luaCtx.registerFunction::*)(boost::variant>> certFiles, boost::variant>> keyFiles)>("loadNewCertificatesAndKeys", [](std::shared_ptr& frontend, boost::variant>> certFiles, boost::variant>> keyFiles) { +#ifdef HAVE_DNS_OVER_TLS + if (loadTLSCertificateAndKeys("TLSFrontend::loadNewCertificatesAndKeys", frontend->d_tlsConfig.d_certKeyPairs, certFiles, keyFiles)) { + frontend->setupTLS(); + } +#endif + }); + + luaCtx.writeFunction("reloadAllCertificates", []() { + for (auto& frontend : g_frontends) { + if (!frontend) { + continue; + } + try { +#ifdef HAVE_DNSCRYPT + if (frontend->dnscryptCtx) { + frontend->dnscryptCtx->reloadCertificates(); + } +#endif /* HAVE_DNSCRYPT */ +#ifdef HAVE_DNS_OVER_TLS + if (frontend->tlsFrontend) { + frontend->tlsFrontend->setupTLS(); + } +#endif /* HAVE_DNS_OVER_TLS */ +#ifdef HAVE_DNS_OVER_HTTPS + if (frontend->dohFrontend) { + frontend->dohFrontend->reloadCertificates(); + } +#endif /* HAVE_DNS_OVER_HTTPS */ + } + catch (const std::exception& e) { + errlog("Error reloading certificates for frontend %s: %s", frontend->local.toStringWithPort(), e.what()); + } + } + }); + + luaCtx.writeFunction("setAllowEmptyResponse", [](bool allow) { g_allowEmptyResponse = allow; }); + luaCtx.writeFunction("setDropEmptyQueries", [](bool drop) { extern bool g_dropEmptyQueries; g_dropEmptyQueries = drop; }); + +#if defined(HAVE_LIBSSL) && defined(HAVE_OCSP_BASIC_SIGN) + luaCtx.writeFunction("generateOCSPResponse", [client](const std::string& certFile, const std::string& caCert, const std::string& caKey, const std::string& outFile, int ndays, int nmin) { + if (client) { + return; + } + + libssl_generate_ocsp_response(certFile, caCert, caKey, outFile, ndays, nmin); + }); +#endif /* HAVE_LIBSSL && HAVE_OCSP_BASIC_SIGN*/ + + luaCtx.writeFunction("addCapabilitiesToRetain", [](boost::variant> caps) { + setLuaSideEffect(); + if (g_configurationDone) { + g_outputBuffer = "addCapabilitiesToRetain cannot be used at runtime!\n"; + return; + } + if (caps.type() == typeid(std::string)) { + g_capabilitiesToRetain.insert(boost::get(caps)); + } + else if (caps.type() == typeid(std::map)) { + for (const auto& cap : boost::get>(caps)) { + g_capabilitiesToRetain.insert(cap.second); + } + } + }); + + luaCtx.writeFunction("setUDPSocketBufferSizes", [client](uint64_t recv, uint64_t snd) { + if (client) { + return; + } + checkParameterBound("setUDPSocketBufferSizes", recv, std::numeric_limits::max()); + checkParameterBound("setUDPSocketBufferSizes", snd, std::numeric_limits::max()); + setLuaSideEffect(); + + if (g_configurationDone) { + g_outputBuffer = "setUDPSocketBufferSizes cannot be used at runtime!\n"; + return; + } + + g_socketUDPSendBuffer = snd; + g_socketUDPRecvBuffer = recv; + }); +} + +vector> setupLua(LuaContext& luaCtx, bool client, bool configCheck, const std::string& config) +{ + // this needs to exist only during the parsing of the configuration + // and cannot be captured by lambdas + g_launchWork = std::vector>(); + + setupLuaActions(luaCtx); + setupLuaConfig(luaCtx, client, configCheck); + setupLuaBindings(luaCtx, client); + setupLuaBindingsDNSCrypt(luaCtx); + setupLuaBindingsDNSQuestion(luaCtx); + setupLuaBindingsKVS(luaCtx, client); + setupLuaBindingsPacketCache(luaCtx, client); + setupLuaBindingsProtoBuf(luaCtx, client, configCheck); + setupLuaInspection(luaCtx); + setupLuaRules(luaCtx); + setupLuaVars(luaCtx); + setupLuaWeb(luaCtx); + +#ifdef LUAJIT_VERSION + luaCtx.executeCode(getLuaFFIWrappers()); +#endif + + std::ifstream ifs(config); + if (!ifs) + warnlog("Unable to read configuration from '%s'", config); + else + vinfolog("Read configuration from '%s'", config); + + luaCtx.executeCode(ifs); + + auto ret = *g_launchWork; + g_launchWork = boost::none; + return ret; +} diff --git a/dnsdist-lua.hh b/dnsdist-lua.hh new file mode 100644 index 0000000..b8230eb --- /dev/null +++ b/dnsdist-lua.hh @@ -0,0 +1,109 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include + +struct ResponseConfig +{ + boost::optional setAA{boost::none}; + boost::optional setAD{boost::none}; + boost::optional setRA{boost::none}; + uint32_t ttl{60}; +}; +void setResponseHeadersFromConfig(dnsheader& dh, const ResponseConfig& config); + +class SpoofAction : public DNSAction +{ +public: + SpoofAction(const vector& addrs): d_addrs(addrs) + { + for (const auto& addr : d_addrs) { + if (addr.isIPv4()) { + d_types.insert(QType::A); + } + else if (addr.isIPv6()) { + d_types.insert(QType::AAAA); + } + } + + if (!d_addrs.empty()) { + d_types.insert(QType::ANY); + } + } + + SpoofAction(const DNSName& cname): d_cname(cname) + { + } + + SpoofAction(const vector& raws): d_rawResponses(raws) + { + } + + DNSAction::Action operator()(DNSQuestion* dq, string* ruleresult) const override; + + string toString() const override + { + string ret = "spoof in "; + if (!d_cname.empty()) { + ret += d_cname.toString() + " "; + } + if (d_rawResponses.size() > 0) { + ret += "raw bytes "; + } + else { + for(const auto& a : d_addrs) + ret += a.toString()+" "; + } + return ret; + } + + + ResponseConfig d_responseConfig; +private: + static thread_local std::default_random_engine t_randomEngine; + std::vector d_addrs; + std::set d_types; + std::vector d_rawResponses; + DNSName d_cname; +}; + +typedef boost::variant>, std::shared_ptr, DNSName, vector > > luadnsrule_t; +std::shared_ptr makeRule(const luadnsrule_t& var); +typedef std::unordered_map > luaruleparams_t; +void parseRuleParams(boost::optional params, boost::uuids::uuid& uuid, std::string& name, uint64_t& creationOrder); + +typedef NetmaskTree nmts_t; + +vector> setupLua(LuaContext& luaCtx, bool client, bool configCheck, const std::string& config); +void setupLuaActions(LuaContext& luaCtx); +void setupLuaBindings(LuaContext& luaCtx, bool client); +void setupLuaBindingsDNSCrypt(LuaContext& luaCtx); +void setupLuaBindingsDNSQuestion(LuaContext& luaCtx); +void setupLuaBindingsKVS(LuaContext& luaCtx, bool client); +void setupLuaBindingsPacketCache(LuaContext& luaCtx, bool client); +void setupLuaBindingsProtoBuf(LuaContext& luaCtx, bool client, bool configCheck); +void setupLuaRules(LuaContext& luaCtx); +void setupLuaInspection(LuaContext& luaCtx); +void setupLuaVars(LuaContext& luaCtx); +void setupLuaWeb(LuaContext& luaCtx); +void setupLuaLoadBalancingContext(LuaContext& luaCtx); diff --git a/dnsdist-nghttp2.cc b/dnsdist-nghttp2.cc new file mode 100644 index 0000000..9d5781e --- /dev/null +++ b/dnsdist-nghttp2.cc @@ -0,0 +1,1206 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#ifdef HAVE_NGHTTP2 +#include +#endif /* HAVE_NGHTTP2 */ + +#include "dnsdist-nghttp2.hh" +#include "dnsdist-tcp.hh" +#include "dnsdist-tcp-downstream.hh" + +#include "dolog.hh" +#include "iputils.hh" +#include "libssl.hh" +#include "noinitvector.hh" +#include "tcpiohandler.hh" +#include "threadname.hh" +#include "sstuff.hh" + +std::atomic g_dohStatesDumpRequested{0}; +std::unique_ptr g_dohClientThreads{nullptr}; +std::optional g_outgoingDoHWorkerThreads{std::nullopt}; + +#ifdef HAVE_NGHTTP2 +class DoHConnectionToBackend : public ConnectionToBackend +{ +public: + DoHConnectionToBackend(const std::shared_ptr& ds, std::unique_ptr& mplexer, const struct timeval& now, std::string&& proxyProtocolPayload); + + void handleTimeout(const struct timeval& now, bool write) override; + void queueQuery(std::shared_ptr& sender, TCPQuery&& query) override; + + std::string toString() const override + { + ostringstream o; + o << "DoH connection to backend " << (d_ds ? d_ds->getName() : "empty") << " over FD " << (d_handler ? std::to_string(d_handler->getDescriptor()) : "no socket") << ", " << getConcurrentStreamsCount() << " streams"; + return o.str(); + } + + void setHealthCheck(bool h) + { + d_healthCheckQuery = h; + } + + void stopIO() override; + bool reachedMaxConcurrentQueries() const override; + bool reachedMaxStreamID() const override; + bool isIdle() const override; + void release() override + { + } + +private: + static ssize_t send_callback(nghttp2_session* session, const uint8_t* data, size_t length, int flags, void* user_data); + static int on_frame_recv_callback(nghttp2_session* session, const nghttp2_frame* frame, void* user_data); + static int on_data_chunk_recv_callback(nghttp2_session* session, uint8_t flags, int32_t stream_id, const uint8_t* data, size_t len, void* user_data); + static int on_stream_close_callback(nghttp2_session* session, int32_t stream_id, uint32_t error_code, void* user_data); + static int on_header_callback(nghttp2_session* session, const nghttp2_frame* frame, const uint8_t* name, size_t namelen, const uint8_t* value, size_t valuelen, uint8_t flags, void* user_data); + static int on_error_callback(nghttp2_session* session, int lib_error_code, const char* msg, size_t len, void* user_data); + static void handleReadableIOCallback(int fd, FDMultiplexer::funcparam_t& param); + static void handleWritableIOCallback(int fd, FDMultiplexer::funcparam_t& param); + + static void addStaticHeader(std::vector& headers, const std::string& nameKey, const std::string& valueKey); + static void addDynamicHeader(std::vector& headers, const std::string& nameKey, const std::string& value); + + class PendingRequest + { + public: + std::shared_ptr d_sender{nullptr}; + TCPQuery d_query; + PacketBuffer d_buffer; + size_t d_queryPos{0}; + uint16_t d_responseCode{0}; + bool d_finished{false}; + }; + void addToIOState(IOState state, FDMultiplexer::callbackfunc_t callback); + void updateIO(IOState newState, FDMultiplexer::callbackfunc_t callback, bool noTTD = false); + void watchForRemoteHostClosingConnection(); + void handleResponse(PendingRequest&& request); + void handleResponseError(PendingRequest&& request, const struct timeval& now); + void handleIOError(); + uint32_t getConcurrentStreamsCount() const; + + size_t getUsageCount() const + { + auto ref = shared_from_this(); + return ref.use_count(); + } + + static const std::unordered_map s_constants; + + std::unordered_map d_currentStreams; + std::string d_proxyProtocolPayload; + PacketBuffer d_out; + PacketBuffer d_in; + std::unique_ptr d_session{nullptr, nghttp2_session_del}; + size_t d_outPos{0}; + size_t d_inPos{0}; + bool d_healthCheckQuery{false}; + bool d_firstWrite{true}; +}; + +using DownstreamDoHConnectionsManager = DownstreamConnectionsManager; +thread_local DownstreamDoHConnectionsManager t_downstreamDoHConnectionsManager; + +uint32_t DoHConnectionToBackend::getConcurrentStreamsCount() const +{ + return d_currentStreams.size(); +} + +void DoHConnectionToBackend::handleResponse(PendingRequest&& request) +{ + struct timeval now; + gettimeofday(&now, nullptr); + try { + request.d_sender->handleResponse(now, TCPResponse(std::move(request.d_buffer), std::move(request.d_query.d_idstate), shared_from_this())); + } + catch (const std::exception& e) { + vinfolog("Got exception while handling response for cross-protocol DoH: %s", e.what()); + } +} + +void DoHConnectionToBackend::handleResponseError(PendingRequest&& request, const struct timeval& now) +{ + try { + request.d_sender->notifyIOError(std::move(request.d_query.d_idstate), now); + } + catch (const std::exception& e) { + vinfolog("Got exception while handling response for cross-protocol DoH: %s", e.what()); + } +} + +void DoHConnectionToBackend::handleIOError() +{ + d_connectionDied = true; + nghttp2_session_terminate_session(d_session.get(), NGHTTP2_PROTOCOL_ERROR); + + struct timeval now; + gettimeofday(&now, nullptr); + for (auto& request : d_currentStreams) { + handleResponseError(std::move(request.second), now); + } + + d_currentStreams.clear(); + stopIO(); +} + +void DoHConnectionToBackend::handleTimeout(const struct timeval& now, bool write) +{ + if (write) { + if (d_firstWrite) { + ++d_ds->tcpConnectTimeouts; + } + else { + ++d_ds->tcpWriteTimeouts; + } + } + else { + ++d_ds->tcpReadTimeouts; + } + + handleIOError(); +} + +bool DoHConnectionToBackend::reachedMaxStreamID() const +{ + const uint32_t maximumStreamID = (static_cast(1) << 31) - 1; + return d_highestStreamID == maximumStreamID; +} + +bool DoHConnectionToBackend::reachedMaxConcurrentQueries() const +{ + //cerr<<"Got "< DoHConnectionToBackend::s_constants = { + {"method-name", ":method"}, + {"method-value", "POST"}, + {"scheme-name", ":scheme"}, + {"scheme-value", "https"}, + {"accept-name", "accept"}, + {"accept-value", "application/dns-message"}, + {"content-type-name", "content-type"}, + {"content-type-value", "application/dns-message"}, + {"user-agent-name", "user-agent"}, + {"user-agent-value", "nghttp2-" NGHTTP2_VERSION "/dnsdist"}, + {"authority-name", ":authority"}, + {"path-name", ":path"}, + {"content-length-name", "content-length"}, + {"x-forwarded-for-name", "x-forwarded-for"}, + {"x-forwarded-port-name", "x-forwarded-port"}, + {"x-forwarded-proto-name", "x-forwarded-proto"}, + {"x-forwarded-proto-value-dns-over-udp", "dns-over-udp"}, + {"x-forwarded-proto-value-dns-over-tcp", "dns-over-tcp"}, + {"x-forwarded-proto-value-dns-over-tls", "dns-over-tls"}, + {"x-forwarded-proto-value-dns-over-http", "dns-over-http"}, + {"x-forwarded-proto-value-dns-over-https", "dns-over-https"}, +}; + +void DoHConnectionToBackend::addStaticHeader(std::vector& headers, const std::string& nameKey, const std::string& valueKey) +{ + const auto& name = s_constants.at(nameKey); + const auto& value = s_constants.at(valueKey); + + headers.push_back({const_cast(reinterpret_cast(name.c_str())), const_cast(reinterpret_cast(value.c_str())), name.size(), value.size(), NGHTTP2_NV_FLAG_NO_COPY_NAME | NGHTTP2_NV_FLAG_NO_COPY_VALUE}); +} + +void DoHConnectionToBackend::addDynamicHeader(std::vector& headers, const std::string& nameKey, const std::string& value) +{ + const auto& name = s_constants.at(nameKey); + + headers.push_back({const_cast(reinterpret_cast(name.c_str())), const_cast(reinterpret_cast(value.c_str())), name.size(), value.size(), NGHTTP2_NV_FLAG_NO_COPY_NAME | NGHTTP2_NV_FLAG_NO_COPY_VALUE}); +} + +void DoHConnectionToBackend::queueQuery(std::shared_ptr& sender, TCPQuery&& query) +{ + auto payloadSize = std::to_string(query.d_buffer.size()); + + bool addXForwarded = d_ds->d_addXForwardedHeaders; + + /* We use nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_NAME and nghttp2_nv_flag.NGHTTP2_NV_FLAG_NO_COPY_VALUE + to avoid a copy and lowercasing but we need to make sure that the data will outlive the request (nghttp2_on_frame_send_callback called), and that it is already lowercased. */ + std::vector headers; + // these need to live until after the request headers have been processed + std::string remote; + std::string remotePort; + headers.reserve(8 + (addXForwarded ? 3 : 0)); + + /* Pseudo-headers need to come first (rfc7540 8.1.2.1) */ + addStaticHeader(headers, "method-name", "method-value"); + addStaticHeader(headers, "scheme-name", "scheme-value"); + addDynamicHeader(headers, "authority-name", d_ds->d_tlsSubjectName); + addDynamicHeader(headers, "path-name", d_ds->d_dohPath); + addStaticHeader(headers, "accept-name", "accept-value"); + addStaticHeader(headers, "content-type-name", "content-type-value"); + addStaticHeader(headers, "user-agent-name", "user-agent-value"); + addDynamicHeader(headers, "content-length-name", payloadSize); + /* no need to add these headers for health-check queries */ + if (addXForwarded && query.d_idstate.origRemote.getPort() != 0) { + remote = query.d_idstate.origRemote.toString(); + remotePort = std::to_string(query.d_idstate.origRemote.getPort()); + addDynamicHeader(headers, "x-forwarded-for-name", remote); + addDynamicHeader(headers, "x-forwarded-port-name", remotePort); + if (query.d_idstate.cs != nullptr) { + if (query.d_idstate.cs->isUDP()) { + addStaticHeader(headers, "x-forwarded-proto-name", "x-forwarded-proto-value-dns-over-udp"); + } + else if (query.d_idstate.cs->isDoH()) { + if (query.d_idstate.cs->hasTLS()) { + addStaticHeader(headers, "x-forwarded-proto-name", "x-forwarded-proto-value-dns-over-https"); + } + else { + addStaticHeader(headers, "x-forwarded-proto-name", "x-forwarded-proto-value-dns-over-http"); + } + } + else if (query.d_idstate.cs->hasTLS()) { + addStaticHeader(headers, "x-forwarded-proto-name", "x-forwarded-proto-value-dns-over-tls"); + } + else { + addStaticHeader(headers, "x-forwarded-proto-name", "x-forwarded-proto-value-dns-over-tcp"); + } + } + } + + PendingRequest pending; + pending.d_query = std::move(query); + pending.d_sender = std::move(sender); + + uint32_t streamId = nghttp2_session_get_next_stream_id(d_session.get()); + auto insertPair = d_currentStreams.insert({streamId, std::move(pending)}); + if (!insertPair.second) { + /* there is a stream ID collision, something is very wrong! */ + d_connectionDied = true; + nghttp2_session_terminate_session(d_session.get(), NGHTTP2_NO_ERROR); + throw std::runtime_error("Stream ID collision"); + } + + /* if data_prd is not NULL, it provides data which will be sent in subsequent DATA frames. In this case, a method that allows request message bodies (https://tools.ietf.org/html/rfc7231#section-4) must be specified with :method key (e.g. POST). This function does not take ownership of the data_prd. The function copies the members of the data_prd. If data_prd is NULL, HEADERS have END_STREAM set. + */ + nghttp2_data_provider data_provider; + + /* we will not use this pointer */ + data_provider.source.ptr = this; + data_provider.read_callback = [](nghttp2_session* session, int32_t stream_id, uint8_t* buf, size_t length, uint32_t* data_flags, nghttp2_data_source* source, void* user_data) -> ssize_t { + auto conn = reinterpret_cast(user_data); + auto& request = conn->d_currentStreams.at(stream_id); + size_t toCopy = 0; + if (request.d_queryPos < request.d_query.d_buffer.size()) { + size_t remaining = request.d_query.d_buffer.size() - request.d_queryPos; + toCopy = length > remaining ? remaining : length; + memcpy(buf, &request.d_query.d_buffer.at(request.d_queryPos), toCopy); + request.d_queryPos += toCopy; + } + + if (request.d_queryPos >= request.d_query.d_buffer.size()) { + *data_flags |= NGHTTP2_DATA_FLAG_EOF; + } + return toCopy; + }; + + auto newStreamId = nghttp2_submit_request(d_session.get(), nullptr, headers.data(), headers.size(), &data_provider, this); + if (newStreamId < 0) { + d_connectionDied = true; + ++d_ds->tcpDiedSendingQuery; + d_currentStreams.erase(streamId); + throw std::runtime_error("Error submitting HTTP request:" + std::string(nghttp2_strerror(newStreamId))); + } + + auto rv = nghttp2_session_send(d_session.get()); + if (rv != 0) { + d_connectionDied = true; + ++d_ds->tcpDiedSendingQuery; + d_currentStreams.erase(streamId); + throw std::runtime_error("Error in nghttp2_session_send:" + std::to_string(rv)); + } + + d_highestStreamID = newStreamId; +} + +class DoHClientThreadData +{ +public: + DoHClientThreadData() : + mplexer(std::unique_ptr(FDMultiplexer::getMultiplexerSilent())) + { + } + + std::unique_ptr mplexer{nullptr}; +}; + +void DoHConnectionToBackend::handleReadableIOCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto conn = boost::any_cast>(param); + if (fd != conn->getHandle()) { + throw std::runtime_error("Unexpected socket descriptor " + std::to_string(fd) + " received in " + std::string(__PRETTY_FUNCTION__) + ", expected " + std::to_string(conn->getHandle())); + } + + IOStateGuard ioGuard(conn->d_ioState); + do { + conn->d_inPos = 0; + conn->d_in.resize(conn->d_in.size() + 512); + // cerr<<"trying to read "<d_in.size()<d_handler->tryRead(conn->d_in, conn->d_inPos, conn->d_in.size(), true); + // cerr<<"got a "<<(int)newState<<" state and "<d_inPos<<" bytes"<d_in.resize(conn->d_inPos); + + if (conn->d_inPos > 0) { + /* we got something */ + auto readlen = nghttp2_session_mem_recv(conn->d_session.get(), conn->d_in.data(), conn->d_inPos); + // cerr<<"nghttp2_session_mem_recv returned "< 0 && static_cast(readlen) < conn->d_inPos) { + throw std::runtime_error("Fatal error while passing received data to nghttp2: " + std::string(nghttp2_strerror((int)readlen))); + } + + struct timeval now; + gettimeofday(&now, nullptr); + conn->d_lastDataReceivedTime = now; + + // cerr<<"after read send"<d_session.get()); + } + + if (newState == IOState::Done) { + if (conn->isIdle()) { + conn->stopIO(); + conn->watchForRemoteHostClosingConnection(); + ioGuard.release(); + break; + } + } + else { + if (newState == IOState::NeedWrite) { + // cerr<<"need write"<updateIO(IOState::NeedWrite, handleReadableIOCallback); + } + ioGuard.release(); + break; + } + } + catch (const std::exception& e) { + vinfolog("Exception while trying to read from HTTP backend connection: %s", e.what()); + ++conn->d_ds->tcpDiedReadingResponse; + conn->handleIOError(); + break; + } + } while (conn->getConcurrentStreamsCount() > 0); +} + +void DoHConnectionToBackend::handleWritableIOCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto conn = boost::any_cast>(param); + if (fd != conn->getHandle()) { + throw std::runtime_error("Unexpected socket descriptor " + std::to_string(fd) + " received in " + std::string(__PRETTY_FUNCTION__) + ", expected " + std::to_string(conn->getHandle())); + } + IOStateGuard ioGuard(conn->d_ioState); + + // cerr<<"in "<<__PRETTY_FUNCTION__<<" trying to write "<d_out.size()-conn->d_outPos<d_handler->tryWrite(conn->d_out, conn->d_outPos, conn->d_out.size()); + // cerr<<"got a "<<(int)newState<<" state, "<d_out.size()-conn->d_outPos<<" bytes remaining"<updateIO(IOState::NeedRead, handleWritableIOCallback); + } + else if (newState == IOState::Done) { + // cerr<<"done, buffer size was "<d_out.size()<<", pos was "<d_outPos<d_firstWrite = false; + conn->d_out.clear(); + conn->d_outPos = 0; + conn->stopIO(); + if (!conn->isIdle()) { + conn->updateIO(IOState::NeedRead, handleReadableIOCallback); + } + else { + conn->watchForRemoteHostClosingConnection(); + } + } + ioGuard.release(); + } + catch (const std::exception& e) { + vinfolog("Exception while trying to write (ready) to HTTP backend connection: %s", e.what()); + ++conn->d_ds->tcpDiedSendingQuery; + conn->handleIOError(); + } +} + +void DoHConnectionToBackend::stopIO() +{ + d_ioState->reset(); + + auto shared = std::dynamic_pointer_cast(shared_from_this()); + if (!willBeReusable(false)) { + /* remove ourselves from the connection cache, this might mean that our + reference count drops to zero after that, so we need to be careful */ + t_downstreamDoHConnectionsManager.removeDownstreamConnection(shared); + } + else { + t_downstreamDoHConnectionsManager.moveToIdle(shared); + } +} + +void DoHConnectionToBackend::updateIO(IOState newState, FDMultiplexer::callbackfunc_t callback, bool noTTD) +{ + struct timeval now; + gettimeofday(&now, nullptr); + boost::optional ttd{boost::none}; + if (!noTTD) { + if (d_healthCheckQuery) { + ttd = getBackendHealthCheckTTD(now); + } + else if (newState == IOState::NeedRead) { + ttd = getBackendReadTTD(now); + } + else if (isFresh() && d_firstWrite) { + /* first write just after the non-blocking connect */ + ttd = getBackendConnectTTD(now); + } + else { + ttd = getBackendWriteTTD(now); + } + } + + auto shared = std::dynamic_pointer_cast(shared_from_this()); + if (shared) { + if (newState == IOState::NeedRead) { + d_ioState->update(newState, callback, shared, ttd); + } + else if (newState == IOState::NeedWrite) { + d_ioState->update(newState, callback, shared, ttd); + } + } +} + +void DoHConnectionToBackend::watchForRemoteHostClosingConnection() +{ + if (willBeReusable(false) && !d_healthCheckQuery) { + updateIO(IOState::NeedRead, handleReadableIOCallback, false); + } +} + +void DoHConnectionToBackend::addToIOState(IOState state, FDMultiplexer::callbackfunc_t callback) +{ + struct timeval now; + gettimeofday(&now, nullptr); + boost::optional ttd{boost::none}; + if (state == IOState::NeedRead) { + ttd = getBackendReadTTD(now); + } + else if (isFresh() && d_firstWrite == 0) { + /* first write just after the non-blocking connect */ + ttd = getBackendConnectTTD(now); + } + else { + ttd = getBackendWriteTTD(now); + } + + auto shared = std::dynamic_pointer_cast(shared_from_this()); + if (shared) { + if (state == IOState::NeedRead) { + d_ioState->add(state, callback, shared, ttd); + } + else if (state == IOState::NeedWrite) { + d_ioState->add(state, callback, shared, ttd); + } + } +} + +ssize_t DoHConnectionToBackend::send_callback(nghttp2_session* session, const uint8_t* data, size_t length, int flags, void* user_data) +{ + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + bool bufferWasEmpty = conn->d_out.empty(); + if (!conn->d_proxyProtocolPayloadSent && !conn->d_proxyProtocolPayload.empty()) { + conn->d_out.insert(conn->d_out.end(), conn->d_proxyProtocolPayload.begin(), conn->d_proxyProtocolPayload.end()); + conn->d_proxyProtocolPayloadSent = true; + } + + conn->d_out.insert(conn->d_out.end(), data, data + length); + + if (bufferWasEmpty) { + try { + // cerr<<"in "<<__PRETTY_FUNCTION__<<" trying to write "<d_out.size()-conn->d_outPos<d_handler->tryWrite(conn->d_out, conn->d_outPos, conn->d_out.size()); + // cerr<<"got a "<<(int)state<<" state, "<d_out.size()-conn->d_outPos<<" bytes remaining"<d_firstWrite = false; + conn->d_out.clear(); + conn->d_outPos = 0; + conn->stopIO(); + if (!conn->isIdle()) { + conn->updateIO(IOState::NeedRead, handleReadableIOCallback); + } + else { + conn->watchForRemoteHostClosingConnection(); + } + } + else { + conn->updateIO(state, handleWritableIOCallback); + } + } + catch (const std::exception& e) { + vinfolog("Exception while trying to write (send) to HTTP backend connection: %s", e.what()); + conn->handleIOError(); + ++conn->d_ds->tcpDiedSendingQuery; + } + } + + return length; +} + +int DoHConnectionToBackend::on_frame_recv_callback(nghttp2_session* session, const nghttp2_frame* frame, void* user_data) +{ + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + // cerr<<"Frame type is "<hd.type)<hd.type) { + case NGHTTP2_HEADERS: + cerr<<"got headers"<headers.cat == NGHTTP2_HCAT_RESPONSE) { + cerr<<"All headers received"<settings.niv<settings.niv; idx++) { + cerr<<"- "<settings.iv[idx].settings_id<<" "<settings.iv[idx].value<hd.type == NGHTTP2_GOAWAY) { + conn->d_connectionDied = true; + } + + /* is this the last frame for this stream? */ + else if ((frame->hd.type == NGHTTP2_HEADERS || frame->hd.type == NGHTTP2_DATA) && frame->hd.flags & NGHTTP2_FLAG_END_STREAM) { + auto stream = conn->d_currentStreams.find(frame->hd.stream_id); + if (stream != conn->d_currentStreams.end()) { + // cerr<<"Stream "<hd.stream_id<<" is now finished"<second.d_finished = true; + ++conn->d_queries; + + auto request = std::move(stream->second); + conn->d_currentStreams.erase(stream->first); + if (request.d_responseCode == 200U) { + conn->handleResponse(std::move(request)); + } + else { + vinfolog("HTTP response has a non-200 status code: %d", request.d_responseCode); + struct timeval now; + gettimeofday(&now, nullptr); + + conn->handleResponseError(std::move(request), now); + } + + if (conn->isIdle()) { + conn->stopIO(); + conn->watchForRemoteHostClosingConnection(); + } + } + else { + vinfolog("Stream %d NOT FOUND", frame->hd.stream_id); + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + } + + return 0; +} + +int DoHConnectionToBackend::on_data_chunk_recv_callback(nghttp2_session* session, uint8_t flags, int32_t stream_id, const uint8_t* data, size_t len, void* user_data) +{ + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + // cerr<<"Got data of size "<d_currentStreams.find(stream_id); + if (stream == conn->d_currentStreams.end()) { + vinfolog("Unable to match the stream ID %d to a known one!", stream_id); + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + if (len > std::numeric_limits::max() || (std::numeric_limits::max() - stream->second.d_buffer.size()) < len) { + vinfolog("Data frame of size %d is too large for a DNS response (we already have %d)", len, stream->second.d_buffer.size()); + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + + stream->second.d_buffer.insert(stream->second.d_buffer.end(), data, data + len); + if (stream->second.d_finished) { + // cerr<<"we now have the full response!"<(data), len)<second); + conn->d_currentStreams.erase(stream->first); + if (request.d_responseCode == 200U) { + conn->handleResponse(std::move(request)); + } + else { + vinfolog("HTTP response has a non-200 status code: %d", request.d_responseCode); + struct timeval now; + gettimeofday(&now, nullptr); + + conn->handleResponseError(std::move(request), now); + } + if (conn->isIdle()) { + conn->stopIO(); + conn->watchForRemoteHostClosingConnection(); + } + } + + return 0; +} + +int DoHConnectionToBackend::on_stream_close_callback(nghttp2_session* session, int32_t stream_id, uint32_t error_code, void* user_data) +{ + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + + if (error_code == 0) { + return 0; + } + + // cerr << "Stream " << stream_id << " closed with error_code=" << error_code << endl; + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + + auto stream = conn->d_currentStreams.find(stream_id); + if (stream == conn->d_currentStreams.end()) { + /* we don't care, then */ + return 0; + } + + struct timeval now; + gettimeofday(&now, nullptr); + auto request = std::move(stream->second); + conn->d_currentStreams.erase(stream->first); + + // cerr<<"Query has "<d_ds->d_retries<d_ds->d_retries) { + // cerr<<"in "<<__PRETTY_FUNCTION__<<", looking for a connection to send a query of size "<d_mplexer, conn->d_ds, now, std::string(conn->d_proxyProtocolPayload)); + downstream->queueQuery(request.d_sender, std::move(request.d_query)); + } + else { + conn->handleResponseError(std::move(request), now); + } + + //cerr<<"we now have "<getConcurrentStreamsCount()<<" concurrent connections"<isIdle()) { + //cerr<<"stopping IO"<stopIO(); + conn->watchForRemoteHostClosingConnection(); + } + + return 0; +} + +int DoHConnectionToBackend::on_header_callback(nghttp2_session* session, const nghttp2_frame* frame, const uint8_t* name, size_t namelen, const uint8_t* value, size_t valuelen, uint8_t flags, void* user_data) +{ + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + + const std::string status(":status"); + if (frame->hd.type == NGHTTP2_HEADERS && frame->headers.cat == NGHTTP2_HCAT_RESPONSE) { + //cerr<<"got header for "<hd.stream_id<<":"<(name), namelen)<(value), valuelen)<d_currentStreams.find(frame->hd.stream_id); + if (stream == conn->d_currentStreams.end()) { + vinfolog("Unable to match the stream ID %d to a known one!", frame->hd.stream_id); + conn->d_connectionDied = true; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + try { + stream->second.d_responseCode = pdns_stou(std::string(reinterpret_cast(value), valuelen)); + } + catch (...) { + vinfolog("Error parsing the status header for stream ID %d", frame->hd.stream_id); + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + return NGHTTP2_ERR_CALLBACK_FAILURE; + } + } + } + return 0; +} + +int DoHConnectionToBackend::on_error_callback(nghttp2_session* session, int lib_error_code, const char* msg, size_t len, void* user_data) +{ + vinfolog("Error in HTTP/2 connection: %s", std::string(msg, len)); + + DoHConnectionToBackend* conn = reinterpret_cast(user_data); + conn->d_connectionDied = true; + ++conn->d_ds->tcpDiedReadingResponse; + + return 0; +} + +DoHConnectionToBackend::DoHConnectionToBackend(const std::shared_ptr& ds, std::unique_ptr& mplexer, const struct timeval& now, std::string&& proxyProtocolPayload) : + ConnectionToBackend(ds, mplexer, now), d_proxyProtocolPayload(std::move(proxyProtocolPayload)) +{ + // inherit most of the stuff from the ConnectionToBackend() + d_ioState = make_unique(*d_mplexer, d_handler->getDescriptor()); + + nghttp2_session_callbacks* cbs = nullptr; + if (nghttp2_session_callbacks_new(&cbs) != 0) { + d_connectionDied = true; + ++d_ds->tcpDiedSendingQuery; + vinfolog("Unable to create a callback object for a new HTTP/2 session"); + return; + } + std::unique_ptr callbacks(cbs, nghttp2_session_callbacks_del); + cbs = nullptr; + + nghttp2_session_callbacks_set_send_callback(callbacks.get(), send_callback); + nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks.get(), on_frame_recv_callback); + nghttp2_session_callbacks_set_on_data_chunk_recv_callback(callbacks.get(), on_data_chunk_recv_callback); + nghttp2_session_callbacks_set_on_stream_close_callback(callbacks.get(), on_stream_close_callback); + nghttp2_session_callbacks_set_on_header_callback(callbacks.get(), on_header_callback); + nghttp2_session_callbacks_set_error_callback2(callbacks.get(), on_error_callback); + + nghttp2_session* sess = nullptr; + if (nghttp2_session_client_new(&sess, callbacks.get(), this) != 0) { + d_connectionDied = true; + ++d_ds->tcpDiedSendingQuery; + vinfolog("Coult not allocate a new HTTP/2 session"); + return; + } + + d_session = std::unique_ptr(sess, nghttp2_session_del); + sess = nullptr; + + callbacks.reset(); + + nghttp2_settings_entry iv[] = { + /* rfc7540 section-8.2.2: + "Advertising a SETTINGS_MAX_CONCURRENT_STREAMS value of zero disables + server push by preventing the server from creating the necessary + streams." + */ + {NGHTTP2_SETTINGS_MAX_CONCURRENT_STREAMS, 0}, + {NGHTTP2_SETTINGS_ENABLE_PUSH, 0}, + /* we might want to make the initial window size configurable, but 16M is a large enough default */ + {NGHTTP2_SETTINGS_INITIAL_WINDOW_SIZE, 16 * 1024 * 1024}}; + /* client 24 bytes magic string will be sent by nghttp2 library */ + int rv = nghttp2_submit_settings(d_session.get(), NGHTTP2_FLAG_NONE, iv, sizeof(iv) / sizeof(*iv)); + if (rv != 0) { + d_connectionDied = true; + ++d_ds->tcpDiedSendingQuery; + vinfolog("Could not submit SETTINGS: %s", nghttp2_strerror(rv)); + return; + } +} + +static void handleCrossProtocolQuery(int pipefd, FDMultiplexer::funcparam_t& param) +{ + auto threadData = boost::any_cast(param); + CrossProtocolQuery* tmp{nullptr}; + + ssize_t got = read(pipefd, &tmp, sizeof(tmp)); + if (got == 0) { + throw std::runtime_error("EOF while reading from the DoH cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + else if (got == -1) { + if (errno == EAGAIN || errno == EINTR) { + return; + } + throw std::runtime_error("Error while reading from the DoH cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode:" + stringerror()); + } + else if (got != sizeof(tmp)) { + throw std::runtime_error("Partial read while reading from the DoH cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + + try { + struct timeval now; + gettimeofday(&now, nullptr); + + std::shared_ptr tqs = tmp->getTCPQuerySender(); + auto query = std::move(tmp->query); + auto downstreamServer = std::move(tmp->downstream); + delete tmp; + tmp = nullptr; + + try { + auto downstream = t_downstreamDoHConnectionsManager.getConnectionToDownstream(threadData->mplexer, downstreamServer, now, std::move(query.d_proxyProtocolPayload)); + downstream->queueQuery(tqs, std::move(query)); + } + catch (...) { + tqs->notifyIOError(std::move(query.d_idstate), now); + } + } + catch (...) { + delete tmp; + tmp = nullptr; + } +} + +static void dohClientThread(int crossProtocolPipeFD) +{ + setThreadName("dnsdist/dohClie"); + + try { + DoHClientThreadData data; + data.mplexer->addReadFD(crossProtocolPipeFD, handleCrossProtocolQuery, &data); + + struct timeval now; + gettimeofday(&now, nullptr); + time_t lastTimeoutScan = now.tv_sec; + + for (;;) { + data.mplexer->run(&now); + + if (now.tv_sec > lastTimeoutScan) { + lastTimeoutScan = now.tv_sec; + + try { + t_downstreamDoHConnectionsManager.cleanupClosedConnections(now); + handleH2Timeouts(*data.mplexer, now); + + if (g_dohStatesDumpRequested > 0) { + /* just to keep things clean in the output, debug only */ + static std::mutex s_lock; + std::lock_guard lck(s_lock); + if (g_dohStatesDumpRequested > 0) { + /* no race here, we took the lock so it can only be increased in the meantime */ + --g_dohStatesDumpRequested; + errlog("Dumping the DoH client states, as requested:"); + data.mplexer->runForAllWatchedFDs([](bool isRead, int fd, const FDMultiplexer::funcparam_t& param, struct timeval ttd) { + struct timeval lnow; + gettimeofday(&lnow, nullptr); + if (ttd.tv_sec > 0) { + errlog("- Descriptor %d is in %s state, TTD in %d", fd, (isRead ? "read" : "write"), (ttd.tv_sec - lnow.tv_sec)); + } + else { + errlog("- Descriptor %d is in %s state, no TTD set", fd, (isRead ? "read" : "write")); + } + + if (param.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(param); + errlog(" - %s", conn->toString()); + } + else if (param.type() == typeid(DoHClientThreadData*)) { + errlog(" - Worker thread pipe"); + } + }); + errlog("The DoH client cache has %d active and %d idle outgoing connections cached", t_downstreamDoHConnectionsManager.getActiveCount(), t_downstreamDoHConnectionsManager.getIdleCount()); + } + } + } + catch (const std::exception& e) { + errlog("Error in outgoing DoH thread: %s", e.what()); + } + } + } + } + catch (const std::exception& e) { + errlog("Fatal error in outgoing DoH thread: %s", e.what()); + } +} + +static bool select_next_proto_callback(unsigned char** out, unsigned char* outlen, const unsigned char* in, unsigned int inlen) +{ + if (nghttp2_select_next_protocol(out, outlen, in, inlen) <= 0) { + vinfolog("The remote DoH backend did not advertise " NGHTTP2_PROTO_VERSION_ID); + return false; + } + return true; +} + +#endif /* HAVE_NGHTTP2 */ + +struct DoHClientCollection::DoHWorkerThread +{ + DoHWorkerThread() + { + } + + DoHWorkerThread(int crossProtocolPipe) : + d_crossProtocolQueryPipe(crossProtocolPipe) + { + } + + DoHWorkerThread(DoHWorkerThread&& rhs) : + d_crossProtocolQueryPipe(rhs.d_crossProtocolQueryPipe) + { + rhs.d_crossProtocolQueryPipe = -1; + } + + DoHWorkerThread& operator=(DoHWorkerThread&& rhs) + { + if (d_crossProtocolQueryPipe != -1) { + close(d_crossProtocolQueryPipe); + } + + d_crossProtocolQueryPipe = rhs.d_crossProtocolQueryPipe; + rhs.d_crossProtocolQueryPipe = -1; + + return *this; + } + + DoHWorkerThread(const DoHWorkerThread& rhs) = delete; + DoHWorkerThread& operator=(const DoHWorkerThread&) = delete; + + ~DoHWorkerThread() + { + if (d_crossProtocolQueryPipe != -1) { + close(d_crossProtocolQueryPipe); + } + } + + int d_crossProtocolQueryPipe{-1}; +}; + +DoHClientCollection::DoHClientCollection(size_t numberOfThreads) : + d_clientThreads(numberOfThreads) +{ +} + +bool DoHClientCollection::passCrossProtocolQueryToThread(std::unique_ptr&& cpq) +{ + if (d_numberOfThreads == 0) { + throw std::runtime_error("No DoH worker thread yet"); + } + + uint64_t pos = d_pos++; + auto pipe = d_clientThreads.at(pos % d_numberOfThreads).d_crossProtocolQueryPipe; + auto tmp = cpq.release(); + + if (write(pipe, &tmp, sizeof(tmp)) != sizeof(tmp)) { + delete tmp; + ++g_stats.outgoingDoHQueryPipeFull; + tmp = nullptr; + return false; + } + + return true; +} + +void DoHClientCollection::addThread() +{ +#ifdef HAVE_NGHTTP2 + auto preparePipe = [](int fds[2], const std::string& type) -> bool { + if (pipe(fds) < 0) { + errlog("Error creating the DoH thread %s pipe: %s", type, stringerror()); + return false; + } + + if (!setNonBlocking(fds[0])) { + int err = errno; + close(fds[0]); + close(fds[1]); + errlog("Error setting the DoH thread %s pipe non-blocking: %s", type, stringerror(err)); + return false; + } + + if (!setNonBlocking(fds[1])) { + int err = errno; + close(fds[0]); + close(fds[1]); + errlog("Error setting the DoH thread %s pipe non-blocking: %s", type, stringerror(err)); + return false; + } + + if (g_tcpInternalPipeBufferSize > 0 && getPipeBufferSize(fds[0]) < g_tcpInternalPipeBufferSize) { + setPipeBufferSize(fds[0], g_tcpInternalPipeBufferSize); + } + + return true; + }; + + int crossProtocolFDs[2] = {-1, -1}; + if (!preparePipe(crossProtocolFDs, "cross-protocol")) { + return; + } + + vinfolog("Adding DoH Client thread"); + + { + std::lock_guard lock(d_mutex); + + if (d_numberOfThreads >= d_clientThreads.size()) { + vinfolog("Adding a new DoH client thread would exceed the vector size (%d/%d), skipping. Consider increasing the maximum amount of DoH client threads with setMaxDoHClientThreads() in the configuration.", d_numberOfThreads, d_clientThreads.size()); + close(crossProtocolFDs[0]); + close(crossProtocolFDs[1]); + return; + } + + /* from now on this side of the pipe will be managed by that object, + no need to worry about it */ + DoHWorkerThread worker(crossProtocolFDs[1]); + try { + std::thread t1(dohClientThread, crossProtocolFDs[0]); + t1.detach(); + } + catch (const std::runtime_error& e) { + /* the thread creation failed, don't leak */ + errlog("Error creating a DoH thread: %s", e.what()); + close(crossProtocolFDs[0]); + return; + } + + d_clientThreads.at(d_numberOfThreads) = std::move(worker); + ++d_numberOfThreads; + } +#else /* HAVE_NGHTTP2 */ + throw std::runtime_error("DoHClientCollection::addThread() called but nghttp2 support is not available"); +#endif /* HAVE_NGHTTP2 */ +} + +bool initDoHWorkers() +{ +#ifdef HAVE_NGHTTP2 + if (!g_outgoingDoHWorkerThreads) { + /* Unless the value has been set to 0 explicitly, always start at least one outgoing DoH worker thread, in case a DoH backend + is added at a later time. */ + g_outgoingDoHWorkerThreads = 1; + } + + if (g_outgoingDoHWorkerThreads && *g_outgoingDoHWorkerThreads > 0) { + g_dohClientThreads = std::make_unique(*g_outgoingDoHWorkerThreads); + for (size_t idx = 0; idx < *g_outgoingDoHWorkerThreads; idx++) { + g_dohClientThreads->addThread(); + } + } + return true; +#else + return false; +#endif /* HAVE_NGHTTP2 */ +} + +bool setupDoHClientProtocolNegotiation(std::shared_ptr& ctx) +{ + if (ctx == nullptr) { + return false; + } +#ifdef HAVE_NGHTTP2 + /* we want to set the ALPN to h2, if only to mitigate the ALPACA attack */ + const std::vector> h2Alpns = {{'h', '2'}}; + ctx->setALPNProtos(h2Alpns); + ctx->setNextProtocolSelectCallback(select_next_proto_callback); + return true; +#else /* HAVE_NGHTTP2 */ + return false; +#endif /* HAVE_NGHTTP2 */ +} + +bool sendH2Query(const std::shared_ptr& ds, std::unique_ptr& mplexer, std::shared_ptr& sender, InternalQuery&& query, bool healthCheck) +{ +#ifdef HAVE_NGHTTP2 + struct timeval now; + gettimeofday(&now, nullptr); + + if (healthCheck) { + /* always do health-checks over a new connection */ + auto newConnection = std::make_shared(ds, mplexer, now, std::move(query.d_proxyProtocolPayload)); + newConnection->setHealthCheck(healthCheck); + newConnection->queueQuery(sender, std::move(query)); + } + else { + auto connection = t_downstreamDoHConnectionsManager.getConnectionToDownstream(mplexer, ds, now, std::move(query.d_proxyProtocolPayload)); + connection->queueQuery(sender, std::move(query)); + } + + return true; +#else /* HAVE_NGHTTP2 */ + return false; +#endif /* HAVE_NGHTTP2 */ +} + +size_t clearH2Connections() +{ + size_t cleared = 0; +#ifdef HAVE_NGHTTP2 + cleared = t_downstreamDoHConnectionsManager.clear(); +#endif /* HAVE_NGHTTP2 */ + return cleared; +} + +size_t handleH2Timeouts(FDMultiplexer& mplexer, const struct timeval& now) +{ + size_t got = 0; +#ifdef HAVE_NGHTTP2 + auto expiredReadConns = mplexer.getTimeouts(now, false); + for (const auto& cbData : expiredReadConns) { + if (cbData.second.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(cbData.second); + vinfolog("Timeout (read) from remote DoH backend %s", conn->getBackendName()); + conn->handleTimeout(now, false); + ++got; + } + } + + auto expiredWriteConns = mplexer.getTimeouts(now, true); + for (const auto& cbData : expiredWriteConns) { + if (cbData.second.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(cbData.second); + vinfolog("Timeout (write) from remote DoH backend %s", conn->getBackendName()); + conn->handleTimeout(now, true); + ++got; + } + } +#endif /* HAVE_NGHTTP2 */ + return got; +} + +void setDoHDownstreamCleanupInterval(uint16_t max) +{ +#ifdef HAVE_NGHTTP2 + DownstreamDoHConnectionsManager::setCleanupInterval(max); +#endif /* HAVE_NGHTTP2 */ +} + +void setDoHDownstreamMaxIdleTime(uint16_t max) +{ +#ifdef HAVE_NGHTTP2 + DownstreamDoHConnectionsManager::setMaxIdleTime(max); +#endif /* HAVE_NGHTTP2 */ +} + +void setDoHDownstreamMaxIdleConnectionsPerBackend(size_t max) +{ +#ifdef HAVE_NGHTTP2 + DownstreamDoHConnectionsManager::setMaxIdleConnectionsPerDownstream(max); +#endif /* HAVE_NGHTTP2 */ +} diff --git a/dnsdist-nghttp2.hh b/dnsdist-nghttp2.hh new file mode 100644 index 0000000..6e38f28 --- /dev/null +++ b/dnsdist-nghttp2.hh @@ -0,0 +1,75 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include +#include + +#include "dnsdist-tcp.hh" +#include "stat_t.hh" + +struct CrossProtocolQuery; + +class DoHClientCollection +{ +public: + DoHClientCollection(size_t numberOfThreads); + + uint64_t getThreadsCount() const + { + return d_numberOfThreads; + } + + bool passCrossProtocolQueryToThread(std::unique_ptr&& cpq); + void addThread(); + +private: + struct DoHWorkerThread; + + std::mutex d_mutex; + /* we only alter that vector at configuration time, and then + it is never modified at runtime, so we don't take a lock + after the configuration phase */ + std::vector d_clientThreads; + pdns::stat_t d_pos{0}; + uint64_t d_numberOfThreads{0}; +}; + +extern std::unique_ptr g_dohClientThreads; +extern std::atomic g_dohStatesDumpRequested; +extern std::optional g_outgoingDoHWorkerThreads; + +class TLSCtx; + +bool initDoHWorkers(); +bool setupDoHClientProtocolNegotiation(std::shared_ptr& ctx); + +/* opens a new HTTP/2 connection to the supplied backend (attached to the supplied multiplexer), sends the query, + waits for the response to come back or an error to occur then notifies the sender, closing the connection. */ +bool sendH2Query(const std::shared_ptr& ds, std::unique_ptr& mplexer, std::shared_ptr& sender, InternalQuery&& query, bool healthCheck); +size_t handleH2Timeouts(FDMultiplexer& mplexer, const struct timeval& now); +size_t clearH2Connections(); + +void setDoHDownstreamCleanupInterval(uint16_t max); +void setDoHDownstreamMaxIdleTime(uint16_t max); +void setDoHDownstreamMaxIdleConnectionsPerBackend(size_t max); diff --git a/dnsdist-prometheus.hh b/dnsdist-prometheus.hh new file mode 100644 index 0000000..a64b904 --- /dev/null +++ b/dnsdist-prometheus.hh @@ -0,0 +1,72 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +// Metric types for Prometheus +enum class PrometheusMetricType: int { + counter = 1, + gauge = 2 +}; + +// Keeps additional information about metrics +struct MetricDefinition { + MetricDefinition(PrometheusMetricType _prometheusType, const std::string& _description): description(_description), prometheusType(_prometheusType) { + } + + MetricDefinition() = default; + + // Metric description + std::string description; + // Metric type for Prometheus + PrometheusMetricType prometheusType; +}; + +struct MetricDefinitionStorage { + // Return metric definition by name + bool getMetricDetails(const std::string& metricName, MetricDefinition& metric) const { + const auto& metricDetailsIter = metrics.find(metricName); + + if (metricDetailsIter == metrics.end()) { + return false; + } + + metric = metricDetailsIter->second; + return true; + }; + + // Return string representation of Prometheus metric type + std::string getPrometheusStringMetricType(PrometheusMetricType metricType) const { + switch (metricType) { + case PrometheusMetricType::counter: + return "counter"; + break; + case PrometheusMetricType::gauge: + return "gauge"; + break; + default: + return ""; + break; + } + }; + + static const std::map metrics; +}; diff --git a/dnsdist-protobuf.cc b/dnsdist-protobuf.cc new file mode 100644 index 0000000..df8cb3f --- /dev/null +++ b/dnsdist-protobuf.cc @@ -0,0 +1,186 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#include "dnsdist.hh" +#include "dnsdist-protobuf.hh" +#include "protozero.hh" + +DNSDistProtoBufMessage::DNSDistProtoBufMessage(const DNSQuestion& dq): d_dq(dq), d_type(pdns::ProtoZero::Message::MessageType::DNSQueryType) +{ +} + +DNSDistProtoBufMessage::DNSDistProtoBufMessage(const DNSResponse& dr, bool includeCNAME): d_dq(dr), d_dr(&dr), d_type(pdns::ProtoZero::Message::MessageType::DNSResponseType), d_includeCNAME(includeCNAME) +{ +} + +void DNSDistProtoBufMessage::setServerIdentity(const std::string& serverId) +{ + d_serverIdentity = serverId; +} + +void DNSDistProtoBufMessage::setRequestor(const ComboAddress& requestor) +{ + d_requestor = requestor; +} + +void DNSDistProtoBufMessage::setResponder(const ComboAddress& responder) +{ + d_responder = responder; +} + +void DNSDistProtoBufMessage::setRequestorPort(uint16_t port) +{ + if (d_requestor) { + d_requestor->setPort(port); + } +} + +void DNSDistProtoBufMessage::setResponderPort(uint16_t port) +{ + if (d_responder) { + d_responder->setPort(port); + } +} + +void DNSDistProtoBufMessage::setResponseCode(uint8_t rcode) +{ + d_rcode = rcode; +} + +void DNSDistProtoBufMessage::setType(pdns::ProtoZero::Message::MessageType type) +{ + d_type = type; +} + +void DNSDistProtoBufMessage::setBytes(size_t bytes) +{ + d_bytes = bytes; +} + +void DNSDistProtoBufMessage::setTime(time_t sec, uint32_t usec) +{ + d_time = std::pair(sec, usec); +} + +void DNSDistProtoBufMessage::setQueryTime(time_t sec, uint32_t usec) +{ + d_queryTime = std::pair(sec, usec); +} + +void DNSDistProtoBufMessage::setQuestion(const DNSName& name, uint16_t qtype, uint16_t qclass) +{ + d_question = DNSDistProtoBufMessage::PBQuestion(name, qtype, qclass); +} + +void DNSDistProtoBufMessage::setEDNSSubnet(const Netmask& nm) +{ + d_ednsSubnet = nm; +} + +void DNSDistProtoBufMessage::addTag(const std::string& strValue) +{ + d_additionalTags.push_back(strValue); +} + +void DNSDistProtoBufMessage::addRR(DNSName&& qname, uint16_t uType, uint16_t uClass, uint32_t uTTL, const std::string& strBlob) +{ + d_additionalRRs.push_back({std::move(qname), strBlob, uTTL, uType, uClass}); +} + +void DNSDistProtoBufMessage::serialize(std::string& data) const +{ + if ((data.capacity() - data.size()) < 128) { + data.reserve(data.size() + 128); + } + pdns::ProtoZero::Message m{data}; + + m.setType(d_type); + + if (d_time) { + m.setTime(d_time->first, d_time->second); + } + else { + struct timespec ts; + gettime(&ts, true); + m.setTime(ts.tv_sec, ts.tv_nsec / 1000); + } + + const auto distProto = d_dq.getProtocol(); + pdns::ProtoZero::Message::TransportProtocol protocol = pdns::ProtoZero::Message::TransportProtocol::UDP; + + if (distProto == dnsdist::Protocol::DoTCP) { + protocol = pdns::ProtoZero::Message::TransportProtocol::TCP; + } + else if (distProto == dnsdist::Protocol::DoT) { + protocol = pdns::ProtoZero::Message::TransportProtocol::DoT; + } + else if (distProto == dnsdist::Protocol::DoH) { + protocol = pdns::ProtoZero::Message::TransportProtocol::DoH; + } + else if (distProto == dnsdist::Protocol::DNSCryptUDP) { + protocol = pdns::ProtoZero::Message::TransportProtocol::DNSCryptUDP; + } + else if (distProto == dnsdist::Protocol::DNSCryptTCP) { + protocol = pdns::ProtoZero::Message::TransportProtocol::DNSCryptTCP; + } + + m.setRequest(d_dq.uniqueId ? *d_dq.uniqueId : getUniqueID(), d_requestor ? *d_requestor : *d_dq.remote, d_responder ? *d_responder : *d_dq.local, d_question ? d_question->d_name : *d_dq.qname, d_question ? d_question->d_type : d_dq.qtype, d_question ? d_question->d_class : d_dq.qclass, d_dq.getHeader()->id, protocol, d_bytes ? *d_bytes : d_dq.getData().size()); + + if (d_serverIdentity) { + m.setServerIdentity(*d_serverIdentity); + } + else if (d_ServerIdentityRef != nullptr) { + m.setServerIdentity(*d_ServerIdentityRef); + } + + if (d_ednsSubnet) { + m.setEDNSSubnet(*d_ednsSubnet, 128); + } + + m.startResponse(); + if (d_queryTime) { + m.setQueryTime(d_queryTime->first, d_queryTime->second); + } + else { + m.setQueryTime(d_dq.queryTime->tv_sec, d_dq.queryTime->tv_nsec / 1000); + } + + if (d_dr != nullptr) { + m.setResponseCode(d_rcode ? *d_rcode : d_dr->getHeader()->rcode); + m.addRRsFromPacket(reinterpret_cast(d_dr->getData().data()), d_dr->getData().size(), d_includeCNAME); + } + else { + if (d_rcode) { + m.setResponseCode(*d_rcode); + } + } + + for (const auto& rr : d_additionalRRs) { + m.addRR(rr.d_name, rr.d_type, rr.d_class, rr.d_ttl, rr.d_data); + } + + for (const auto& tag : d_additionalTags) { + m.addPolicyTag(tag); + } + + m.commitResponse(); +} diff --git a/dnsdist-protobuf.hh b/dnsdist-protobuf.hh new file mode 100644 index 0000000..82f308e --- /dev/null +++ b/dnsdist-protobuf.hh @@ -0,0 +1,93 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "dnsdist.hh" +#include "dnsname.hh" +#include "protozero.hh" + +class DNSDistProtoBufMessage +{ +public: + DNSDistProtoBufMessage(const DNSQuestion& dq); + DNSDistProtoBufMessage(const DNSResponse& dr, bool includeCNAME); + + void setServerIdentity(const std::string& serverId); + void setRequestor(const ComboAddress& requestor); + void setResponder(const ComboAddress& responder); + void setRequestorPort(uint16_t port); + void setResponderPort(uint16_t port); + void setResponseCode(uint8_t rcode); + void setType(pdns::ProtoZero::Message::MessageType type); + void setBytes(size_t bytes); + void setTime(time_t sec, uint32_t usec); + void setQueryTime(time_t sec, uint32_t usec); + void setQuestion(const DNSName& name, uint16_t qtype, uint16_t qclass); + void setEDNSSubnet(const Netmask& nm); + + void addTag(const std::string& strValue); + void addRR(DNSName&& qname, uint16_t uType, uint16_t uClass, uint32_t uTTL, const std::string& data); + + void serialize(std::string& data) const; + + std::string toDebugString() const; + +private: + struct PBRecord + { + DNSName d_name; + std::string d_data; + uint32_t d_ttl; + uint16_t d_type; + uint16_t d_class; + }; + struct PBQuestion + { + PBQuestion(const DNSName& name, uint16_t type, uint16_t class_): d_name(name), d_type(type), d_class(class_) + { + } + + DNSName d_name; + uint16_t d_type; + uint16_t d_class; + }; + + std::vector d_additionalRRs; + std::vector d_additionalTags; + + const DNSQuestion& d_dq; + const DNSResponse* d_dr{nullptr}; + const std::string* d_ServerIdentityRef{nullptr}; + + boost::optional d_question{boost::none}; + boost::optional d_serverIdentity{boost::none}; + boost::optional d_requestor{boost::none}; + boost::optional d_responder{boost::none}; + boost::optional d_ednsSubnet{boost::none}; + boost::optional> d_time{boost::none}; + boost::optional> d_queryTime{boost::none}; + boost::optional d_bytes{boost::none}; + boost::optional d_rcode{boost::none}; + + pdns::ProtoZero::Message::MessageType d_type{pdns::ProtoZero::Message::MessageType::DNSQueryType}; + bool d_includeCNAME{false}; +}; diff --git a/dnsdist-protocols.cc b/dnsdist-protocols.cc new file mode 100644 index 0000000..89b65ec --- /dev/null +++ b/dnsdist-protocols.cc @@ -0,0 +1,80 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include + +#include "dnsdist-protocols.hh" + +namespace dnsdist +{ +static const std::vector names = { + "DoUDP", + "DoTCP", + "DNSCryptUDP", + "DNSCryptTCP", + "DoT", + "DoH"}; + +static const std::vector prettyNames = { + "Do53 UDP", + "Do53 TCP", + "DNSCrypt UDP", + "DNSCrypt TCP", + "DNS over TLS", + "DNS over HTTPS"}; + +Protocol::Protocol(Protocol::typeenum protocol) : + d_protocol(protocol) +{ + if (protocol >= names.size()) { + throw std::runtime_error("Unknown protocol: '" + std::to_string(protocol) + "'"); + } +} + +Protocol::Protocol(const std::string& s) +{ + const auto& it = std::find(names.begin(), names.end(), s); + if (it == names.end()) { + throw std::runtime_error("Unknown protocol name: '" + s + "'"); + } + + auto index = std::distance(names.begin(), it); + d_protocol = static_cast(index); +} + +bool Protocol::operator==(Protocol::typeenum type) const +{ + return d_protocol == type; +} + +const std::string& Protocol::toString() const +{ + return names.at(static_cast(d_protocol)); +} + +const std::string& Protocol::toPrettyString() const +{ + return prettyNames.at(static_cast(d_protocol)); +} + +} diff --git a/dnsdist-protocols.hh b/dnsdist-protocols.hh new file mode 100644 index 0000000..a90e6e0 --- /dev/null +++ b/dnsdist-protocols.hh @@ -0,0 +1,53 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include + +namespace dnsdist +{ +class Protocol +{ +public: + enum typeenum : uint8_t + { + DoUDP, + DoTCP, + DNSCryptUDP, + DNSCryptTCP, + DoT, + DoH + }; + + Protocol(typeenum protocol = DoUDP); + explicit Protocol(const std::string& protocol); + + bool operator==(typeenum) const; + + const std::string& toString() const; + const std::string& toPrettyString() const; + +private: + typeenum d_protocol; +}; +} diff --git a/dnsdist-proxy-protocol.cc b/dnsdist-proxy-protocol.cc new file mode 100644 index 0000000..6a3e978 --- /dev/null +++ b/dnsdist-proxy-protocol.cc @@ -0,0 +1,111 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist-proxy-protocol.hh" +#include "dolog.hh" + +NetmaskGroup g_proxyProtocolACL; +size_t g_proxyProtocolMaximumSize = 512; +bool g_applyACLToProxiedClients = false; + +std::string getProxyProtocolPayload(const DNSQuestion& dq) +{ + return makeProxyHeader(dq.overTCP(), *dq.remote, *dq.local, dq.proxyProtocolValues ? *dq.proxyProtocolValues : std::vector()); +} + +bool addProxyProtocol(DNSQuestion& dq, const std::string& payload) +{ + if (!dq.hasRoomFor(payload.size())) { + return false; + } + + return addProxyProtocol(dq.getMutableData(), payload); +} + +bool addProxyProtocol(DNSQuestion& dq, size_t* payloadSize) +{ + auto payload = getProxyProtocolPayload(dq); + if (payloadSize != nullptr) { + *payloadSize = payload.size(); + } + + return addProxyProtocol(dq, payload); +} + +bool addProxyProtocol(PacketBuffer& buffer, const std::string& payload) +{ + auto previousSize = buffer.size(); + if (payload.size() > (std::numeric_limits::max() - previousSize)) { + return false; + } + + buffer.insert(buffer.begin(), payload.begin(), payload.end()); + + return true; +} + +bool addProxyProtocol(PacketBuffer& buffer, bool tcp, const ComboAddress& source, const ComboAddress& destination, const std::vector& values) +{ + auto payload = makeProxyHeader(tcp, source, destination, values); + return addProxyProtocol(buffer, payload); +} + +bool expectProxyProtocolFrom(const ComboAddress& remote) +{ + return g_proxyProtocolACL.match(remote); +} + +bool handleProxyProtocol(const ComboAddress& remote, bool isTCP, const NetmaskGroup& acl, PacketBuffer& query, ComboAddress& realRemote, ComboAddress& realDestination, std::vector& values) +{ + bool tcp; + bool proxyProto; + + ssize_t used = parseProxyHeader(query, proxyProto, realRemote, realDestination, tcp, values); + if (used <= 0) { + ++g_stats.proxyProtocolInvalid; + vinfolog("Ignoring invalid proxy protocol (%d, %d) query over %s from %s", query.size(), used, (isTCP ? "TCP" : "UDP"), remote.toStringWithPort()); + return false; + } + else if (static_cast(used) > g_proxyProtocolMaximumSize) { + vinfolog("Proxy protocol header in %s packet from %s is larger than proxy-protocol-maximum-size (%d), dropping", (isTCP ? "TCP" : "UDP"), remote.toStringWithPort(), used); + ++g_stats.proxyProtocolInvalid; + return false; + } + + query.erase(query.begin(), query.begin() + used); + + /* on TCP we have not read the actual query yet */ + if (!isTCP && query.size() < sizeof(struct dnsheader)) { + ++g_stats.nonCompliantQueries; + return false; + } + + if (proxyProto && g_applyACLToProxiedClients) { + if (!acl.match(realRemote)) { + vinfolog("Query from %s dropped because of ACL", realRemote.toStringWithPort()); + ++g_stats.aclDrops; + return false; + } + } + + return true; +} diff --git a/dnsdist-proxy-protocol.hh b/dnsdist-proxy-protocol.hh new file mode 100644 index 0000000..de7674a --- /dev/null +++ b/dnsdist-proxy-protocol.hh @@ -0,0 +1,38 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "dnsdist.hh" + +extern NetmaskGroup g_proxyProtocolACL; +extern size_t g_proxyProtocolMaximumSize; +extern bool g_applyACLToProxiedClients; + +std::string getProxyProtocolPayload(const DNSQuestion& dq); + +bool addProxyProtocol(DNSQuestion& dq, size_t* proxyProtocolPayloadSize = nullptr); +bool addProxyProtocol(DNSQuestion& dq, const std::string& payload); +bool addProxyProtocol(PacketBuffer& buffer, const std::string& payload); +bool addProxyProtocol(PacketBuffer& buffer, bool tcp, const ComboAddress& source, const ComboAddress& destination, const std::vector& values); + +bool expectProxyProtocolFrom(const ComboAddress& remote); +bool handleProxyProtocol(const ComboAddress& remote, bool isTCP, const NetmaskGroup& acl, PacketBuffer& query, ComboAddress& realRemote, ComboAddress& realDestination, std::vector& values); diff --git a/dnsdist-rings.cc b/dnsdist-rings.cc new file mode 100644 index 0000000..f0c3caa --- /dev/null +++ b/dnsdist-rings.cc @@ -0,0 +1,160 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include + +#include "dnsdist-rings.hh" + +size_t Rings::numDistinctRequestors() +{ + std::set s; + for (const auto& shard : d_shards) { + auto rl = shard->queryRing.lock(); + for (const auto& q : *rl) { + s.insert(q.requestor); + } + } + return s.size(); +} + +std::unordered_map>> Rings::getTopBandwidth(unsigned int numentries) +{ + map counts; + uint64_t total=0; + for (const auto& shard : d_shards) { + { + auto rl = shard->queryRing.lock(); + for(const auto& q : *rl) { + counts[q.requestor] += q.size; + total+=q.size; + } + } + { + auto rl = shard->respRing.lock(); + for(const auto& r : *rl) { + counts[r.requestor] += r.size; + total+=r.size; + } + } + } + + typedef vector> ret_t; + ret_t rcounts; + rcounts.reserve(counts.size()); + for(const auto& p : counts) + rcounts.push_back({p.second, p.first}); + numentries = rcounts.size() < numentries ? rcounts.size() : numentries; + partial_sort(rcounts.begin(), rcounts.begin()+numentries, rcounts.end(), [](const ret_t::value_type&a, const ret_t::value_type&b) + { + return(b.first < a.first); + }); + std::unordered_map>> ret; + uint64_t rest = 0; + unsigned int count = 1; + for(const auto& rc : rcounts) { + if(count==numentries+1) { + rest+=rc.first; + } + else { + ret.insert({count++, {rc.second.toString(), rc.first, 100.0*rc.first/total}}); + } + } + + if (total > 0) { + ret.insert({count, {"Rest", rest, 100.0*rest/total}}); + } + else { + ret.insert({count, {"Rest", rest, 100.0 }}); + } + + return ret; +} + +size_t Rings::loadFromFile(const std::string& filepath, const struct timespec& now) +{ + ifstream ifs(filepath); + if (!ifs) { + throw std::runtime_error("unable to open the file at " + filepath); + } + + size_t inserted = 0; + string line; + dnsheader dh; + memset(&dh, 0, sizeof(dh)); + + while (std::getline(ifs, line)) { + boost::trim_right_if(line, boost::is_any_of(" \r\n\x1a")); + boost::trim_left(line); + bool isResponse = false; + vector parts; + stringtok(parts, line, " \t,"); + + if (parts.size() == 8) { + } + else if (parts.size() >= 11 && parts.size() <= 13) { + isResponse = true; + } + else { + cerr<<"skipping line with "< timeStr; + stringtok(timeStr, parts.at(idx++), "."); + if (timeStr.size() != 2) { + cerr<<"skipping invalid time "< +#include + +#include + +#include "circular_buffer.hh" +#include "dnsname.hh" +#include "iputils.hh" +#include "lock.hh" +#include "stat_t.hh" +#include "dnsdist-protocols.hh" + +struct Rings { + struct Query + { + ComboAddress requestor; + DNSName name; + struct timespec when; + struct dnsheader dh; + uint16_t size; + uint16_t qtype; + // incoming protocol + dnsdist::Protocol protocol; + }; + struct Response + { + ComboAddress requestor; + ComboAddress ds; // who handled it + DNSName name; + struct timespec when; + struct dnsheader dh; + unsigned int usec; + unsigned int size; + uint16_t qtype; + // outgoing protocol + dnsdist::Protocol protocol; + }; + + struct Shard + { + LockGuarded> queryRing{boost::circular_buffer()}; + LockGuarded> respRing{boost::circular_buffer()}; + }; + + Rings(size_t capacity=10000, size_t numberOfShards=10, size_t nbLockTries=5, bool keepLockingStats=false): d_blockingQueryInserts(0), d_blockingResponseInserts(0), d_deferredQueryInserts(0), d_deferredResponseInserts(0), d_nbQueryEntries(0), d_nbResponseEntries(0), d_currentShardId(0), d_numberOfShards(numberOfShards), d_nbLockTries(nbLockTries), d_keepLockingStats(keepLockingStats) + { + setCapacity(capacity, numberOfShards); + } + + std::unordered_map > > getTopBandwidth(unsigned int numentries); + size_t numDistinctRequestors(); + /* This function should only be called at configuration time before any query or response has been inserted */ + void setCapacity(size_t newCapacity, size_t numberOfShards) + { + if (numberOfShards <= 1) { + d_nbLockTries = 0; + } + + d_shards.resize(numberOfShards); + d_numberOfShards = numberOfShards; + + /* resize all the rings */ + for (auto& shard : d_shards) { + shard = std::make_unique(); + shard->queryRing.lock()->set_capacity(newCapacity / numberOfShards); + shard->respRing.lock()->set_capacity(newCapacity / numberOfShards); + } + + /* we just recreated the shards so they are now empty */ + d_nbQueryEntries = 0; + d_nbResponseEntries = 0; + } + + void setNumberOfLockRetries(size_t retries) + { + if (d_numberOfShards <= 1) { + d_nbLockTries = 0; + } else { + d_nbLockTries = retries; + } + } + + size_t getNumberOfShards() const + { + return d_numberOfShards; + } + + size_t getNumberOfQueryEntries() const + { + return d_nbQueryEntries; + } + + size_t getNumberOfResponseEntries() const + { + return d_nbResponseEntries; + } + + void insertQuery(const struct timespec& when, const ComboAddress& requestor, const DNSName& name, uint16_t qtype, uint16_t size, const struct dnsheader& dh, dnsdist::Protocol protocol) + { + for (size_t idx = 0; idx < d_nbLockTries; idx++) { + auto& shard = getOneShard(); + auto lock = shard->queryRing.try_lock(); + if (lock.owns_lock()) { + insertQueryLocked(*lock, when, requestor, name, qtype, size, dh, protocol); + return; + } + if (d_keepLockingStats) { + ++d_deferredQueryInserts; + } + } + + /* out of luck, let's just wait */ + if (d_keepLockingStats) { + ++d_blockingResponseInserts; + } + auto& shard = getOneShard(); + auto lock = shard->queryRing.lock(); + insertQueryLocked(*lock, when, requestor, name, qtype, size, dh, protocol); + } + + void insertResponse(const struct timespec& when, const ComboAddress& requestor, const DNSName& name, uint16_t qtype, unsigned int usec, unsigned int size, const struct dnsheader& dh, const ComboAddress& backend, dnsdist::Protocol protocol) + { + for (size_t idx = 0; idx < d_nbLockTries; idx++) { + auto& shard = getOneShard(); + auto lock = shard->respRing.try_lock(); + if (lock.owns_lock()) { + insertResponseLocked(*lock, when, requestor, name, qtype, usec, size, dh, backend, protocol); + return; + } + if (d_keepLockingStats) { + ++d_deferredResponseInserts; + } + } + + /* out of luck, let's just wait */ + if (d_keepLockingStats) { + ++d_blockingResponseInserts; + } + auto& shard = getOneShard(); + auto lock = shard->respRing.lock(); + insertResponseLocked(*lock, when, requestor, name, qtype, usec, size, dh, backend, protocol); + } + + void clear() + { + for (auto& shard : d_shards) { + shard->queryRing.lock()->clear(); + shard->respRing.lock()->clear(); + } + + d_nbQueryEntries.store(0); + d_nbResponseEntries.store(0); + d_currentShardId.store(0); + d_blockingQueryInserts.store(0); + d_blockingResponseInserts.store(0); + d_deferredQueryInserts.store(0); + d_deferredResponseInserts.store(0); + } + + /* load the content of the ring buffer from a file in the format emitted by grepq(), + only useful for debugging purposes */ + size_t loadFromFile(const std::string& filepath, const struct timespec& now); + + std::vector > d_shards; + pdns::stat_t d_blockingQueryInserts; + pdns::stat_t d_blockingResponseInserts; + pdns::stat_t d_deferredQueryInserts; + pdns::stat_t d_deferredResponseInserts; + +private: + size_t getShardId() + { + return (d_currentShardId++ % d_numberOfShards); + } + + std::unique_ptr& getOneShard() + { + return d_shards[getShardId()]; + } + + void insertQueryLocked(boost::circular_buffer& ring, const struct timespec& when, const ComboAddress& requestor, const DNSName& name, uint16_t qtype, uint16_t size, const struct dnsheader& dh, dnsdist::Protocol protocol) + { + if (!ring.full()) { + d_nbQueryEntries++; + } + ring.push_back({requestor, name, when, dh, size, qtype, protocol}); + } + + void insertResponseLocked(boost::circular_buffer& ring, const struct timespec& when, const ComboAddress& requestor, const DNSName& name, uint16_t qtype, unsigned int usec, unsigned int size, const struct dnsheader& dh, const ComboAddress& backend, dnsdist::Protocol protocol) + { + if (!ring.full()) { + d_nbResponseEntries++; + } + ring.push_back({requestor, backend, name, when, dh, usec, size, qtype, protocol}); + } + + std::atomic d_nbQueryEntries; + std::atomic d_nbResponseEntries; + std::atomic d_currentShardId; + + size_t d_numberOfShards; + size_t d_nbLockTries = 5; + bool d_keepLockingStats{false}; +}; + +extern Rings g_rings; diff --git a/dnsdist-rules.cc b/dnsdist-rules.cc new file mode 100644 index 0000000..96666a2 --- /dev/null +++ b/dnsdist-rules.cc @@ -0,0 +1,26 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "dnsdist-rules.hh" + +std::atomic LuaFFIPerThreadRule::s_functionsCounter = 0; +thread_local std::map LuaFFIPerThreadRule::t_perThreadStates; diff --git a/dnsdist-rules.hh b/dnsdist-rules.hh new file mode 100644 index 0000000..dda702e --- /dev/null +++ b/dnsdist-rules.hh @@ -0,0 +1,1312 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "cachecleaner.hh" +#include "dnsdist.hh" +#include "dnsdist-ecs.hh" +#include "dnsdist-kvs.hh" +#include "dnsdist-lua-ffi.hh" +#include "dolog.hh" +#include "dnsparser.hh" + +class MaxQPSIPRule : public DNSRule +{ +public: + MaxQPSIPRule(unsigned int qps, unsigned int burst, unsigned int ipv4trunc=32, unsigned int ipv6trunc=64, unsigned int expiration=300, unsigned int cleanupDelay=60, unsigned int scanFraction=10): + d_qps(qps), d_burst(burst), d_ipv4trunc(ipv4trunc), d_ipv6trunc(ipv6trunc), d_cleanupDelay(cleanupDelay), d_expiration(expiration), d_scanFraction(scanFraction) + { + gettime(&d_lastCleanup, true); + } + + void clear() + { + d_limits.lock()->clear(); + } + + size_t cleanup(const struct timespec& cutOff, size_t* scannedCount=nullptr) const + { + auto limits = d_limits.lock(); + size_t toLook = limits->size() / d_scanFraction + 1; + size_t lookedAt = 0; + + size_t removed = 0; + auto& sequence = limits->get(); + for (auto entry = sequence.begin(); entry != sequence.end() && lookedAt < toLook; lookedAt++) { + if (entry->d_limiter.seenSince(cutOff)) { + /* entries are ordered from least recently seen to more recently + seen, as soon as we see one that has not expired yet, we are + done */ + lookedAt++; + break; + } + + entry = sequence.erase(entry); + removed++; + } + + if (scannedCount != nullptr) { + *scannedCount = lookedAt; + } + + return removed; + } + + void cleanupIfNeeded(const struct timespec& now) const + { + if (d_cleanupDelay > 0) { + struct timespec cutOff = d_lastCleanup; + cutOff.tv_sec += d_cleanupDelay; + + if (cutOff < now) { + /* the QPS Limiter doesn't use realtime, be careful! */ + gettime(&cutOff, false); + cutOff.tv_sec -= d_expiration; + + cleanup(cutOff); + + d_lastCleanup = now; + } + } + } + + bool matches(const DNSQuestion* dq) const override + { + cleanupIfNeeded(*dq->queryTime); + + ComboAddress zeroport(*dq->remote); + zeroport.sin4.sin_port=0; + zeroport.truncate(zeroport.sin4.sin_family == AF_INET ? d_ipv4trunc : d_ipv6trunc); + { + auto limits = d_limits.lock(); + auto iter = limits->find(zeroport); + if (iter == limits->end()) { + Entry e(zeroport, QPSLimiter(d_qps, d_burst)); + iter = limits->insert(e).first; + } + + moveCacheItemToBack(*limits, iter); + return !iter->d_limiter.check(d_qps, d_burst); + } + } + + string toString() const override + { + return "IP (/"+std::to_string(d_ipv4trunc)+", /"+std::to_string(d_ipv6trunc)+") match for QPS over " + std::to_string(d_qps) + " burst "+ std::to_string(d_burst); + } + + size_t getEntriesCount() const + { + return d_limits.lock()->size(); + } + +private: + struct OrderedTag {}; + struct SequencedTag {}; + struct Entry + { + Entry(const ComboAddress& addr, BasicQPSLimiter&& limiter): d_limiter(limiter), d_addr(addr) + { + } + mutable BasicQPSLimiter d_limiter; + ComboAddress d_addr; + }; + + typedef multi_index_container< + Entry, + indexed_by < + ordered_unique, member, ComboAddress::addressOnlyLessThan >, + sequenced > + > + > qpsContainer_t; + + mutable LockGuarded d_limits; + mutable struct timespec d_lastCleanup; + unsigned int d_qps, d_burst, d_ipv4trunc, d_ipv6trunc, d_cleanupDelay, d_expiration; + unsigned int d_scanFraction{10}; +}; + +class MaxQPSRule : public DNSRule +{ +public: + MaxQPSRule(unsigned int qps) + : d_qps(qps, qps) + {} + + MaxQPSRule(unsigned int qps, unsigned int burst) + : d_qps(qps, burst) + {} + + + bool matches(const DNSQuestion* qd) const override + { + return d_qps.check(); + } + + string toString() const override + { + return "Max " + std::to_string(d_qps.getRate()) + " qps"; + } + + +private: + mutable QPSLimiter d_qps; +}; + +class NMGRule : public DNSRule +{ +public: + NMGRule(const NetmaskGroup& nmg) : d_nmg(nmg) {} +protected: + NetmaskGroup d_nmg; +}; + +class NetmaskGroupRule : public NMGRule +{ +public: + NetmaskGroupRule(const NetmaskGroup& nmg, bool src, bool quiet = false) : NMGRule(nmg) + { + d_src = src; + d_quiet = quiet; + } + bool matches(const DNSQuestion* dq) const override + { + if(!d_src) { + return d_nmg.match(*dq->local); + } + return d_nmg.match(*dq->remote); + } + + string toString() const override + { + string ret = "Src: "; + if(!d_src) { + ret = "Dst: "; + } + if (d_quiet) { + return ret + "in-group"; + } + return ret + d_nmg.toString(); + } +private: + bool d_src; + bool d_quiet; +}; + +class TimedIPSetRule : public DNSRule, boost::noncopyable +{ +private: + struct IPv6 { + IPv6(const ComboAddress& ca) + { + static_assert(sizeof(*this)==16, "IPv6 struct has wrong size"); + memcpy((char*)this, ca.sin6.sin6_addr.s6_addr, 16); + } + bool operator==(const IPv6& rhs) const + { + return a==rhs.a && b==rhs.b; + } + uint64_t a, b; + }; + +public: + TimedIPSetRule() + { + } + ~TimedIPSetRule() + { + } + bool matches(const DNSQuestion* dq) const override + { + if (dq->remote->sin4.sin_family == AF_INET) { + auto ip4s = d_ip4s.read_lock(); + auto fnd = ip4s->find(dq->remote->sin4.sin_addr.s_addr); + if (fnd == ip4s->end()) { + return false; + } + return time(nullptr) < fnd->second; + } else { + auto ip6s = d_ip6s.read_lock(); + auto fnd = ip6s->find({*dq->remote}); + if (fnd == ip6s->end()) { + return false; + } + return time(nullptr) < fnd->second; + } + } + + void add(const ComboAddress& ca, time_t ttd) + { + // think twice before adding templates here + if (ca.sin4.sin_family == AF_INET) { + auto res = d_ip4s.write_lock()->insert({ca.sin4.sin_addr.s_addr, ttd}); + if (!res.second && (time_t)res.first->second < ttd) { + res.first->second = (uint32_t)ttd; + } + } + else { + auto res = d_ip6s.write_lock()->insert({{ca}, ttd}); + if (!res.second && (time_t)res.first->second < ttd) { + res.first->second = (uint32_t)ttd; + } + } + } + + void remove(const ComboAddress& ca) + { + if (ca.sin4.sin_family == AF_INET) { + d_ip4s.write_lock()->erase(ca.sin4.sin_addr.s_addr); + } + else { + d_ip6s.write_lock()->erase({ca}); + } + } + + void clear() + { + d_ip4s.write_lock()->clear(); + d_ip6s.write_lock()->clear(); + } + + void cleanup() + { + time_t now = time(nullptr); + { + auto ip4s = d_ip4s.write_lock(); + for (auto iter = ip4s->begin(); iter != ip4s->end(); ) { + if (iter->second < now) { + iter = ip4s->erase(iter); + } + else { + ++iter; + } + } + } + + { + auto ip6s = d_ip6s.write_lock(); + for (auto iter = ip6s->begin(); iter != ip6s->end(); ) { + if (iter->second < now) { + iter = ip6s->erase(iter); + } + else { + ++iter; + } + } + + } + + } + + string toString() const override + { + time_t now = time(nullptr); + uint64_t count = 0; + + for (const auto& ip : *(d_ip4s.read_lock())) { + if (now < ip.second) { + ++count; + } + } + + for (const auto& ip : *(d_ip6s.read_lock())) { + if (now < ip.second) { + ++count; + } + } + + return "Src: "+std::to_string(count)+" ips"; + } +private: + struct IPv6Hash + { + std::size_t operator()(const IPv6& ip) const + { + auto ah=std::hash{}(ip.a); + auto bh=std::hash{}(ip.b); + return ah & (bh<<1); + } + }; + mutable SharedLockGuarded> d_ip6s; + mutable SharedLockGuarded> d_ip4s; +}; + + +class AllRule : public DNSRule +{ +public: + AllRule() {} + bool matches(const DNSQuestion* dq) const override + { + return true; + } + + string toString() const override + { + return "All"; + } + +}; + + +class DNSSECRule : public DNSRule +{ +public: + DNSSECRule() + { + + } + bool matches(const DNSQuestion* dq) const override + { + return dq->getHeader()->cd || (getEDNSZ(*dq) & EDNS_HEADER_FLAG_DO); // turns out dig sets ad by default.. + } + + string toString() const override + { + return "DNSSEC"; + } +}; + +class AndRule : public DNSRule +{ +public: + AndRule(const vector > >& rules) + { + for(const auto& r : rules) + d_rules.push_back(r.second); + } + + bool matches(const DNSQuestion* dq) const override + { + auto iter = d_rules.begin(); + for(; iter != d_rules.end(); ++iter) + if(!(*iter)->matches(dq)) + break; + return iter == d_rules.end(); + } + + string toString() const override + { + string ret; + for(const auto& rule : d_rules) { + if(!ret.empty()) + ret+= " && "; + ret += "("+ rule->toString()+")"; + } + return ret; + } +private: + + vector > d_rules; + +}; + + +class OrRule : public DNSRule +{ +public: + OrRule(const vector > >& rules) + { + for(const auto& r : rules) + d_rules.push_back(r.second); + } + + bool matches(const DNSQuestion* dq) const override + { + auto iter = d_rules.begin(); + for(; iter != d_rules.end(); ++iter) + if((*iter)->matches(dq)) + return true; + return false; + } + + string toString() const override + { + string ret; + for(const auto& rule : d_rules) { + if(!ret.empty()) + ret+= " || "; + ret += "("+ rule->toString()+")"; + } + return ret; + } +private: + + vector > d_rules; + +}; + + +class RegexRule : public DNSRule +{ +public: + RegexRule(const std::string& regex) : d_regex(regex), d_visual(regex) + { + + } + bool matches(const DNSQuestion* dq) const override + { + return d_regex.match(dq->qname->toStringNoDot()); + } + + string toString() const override + { + return "Regex: "+d_visual; + } +private: + Regex d_regex; + string d_visual; +}; + +#ifdef HAVE_RE2 +#include +class RE2Rule : public DNSRule +{ +public: + RE2Rule(const std::string& re2) : d_re2(re2, RE2::Latin1), d_visual(re2) + { + + } + bool matches(const DNSQuestion* dq) const override + { + return RE2::FullMatch(dq->qname->toStringNoDot(), d_re2); + } + + string toString() const override + { + return "RE2 match: "+d_visual; + } +private: + RE2 d_re2; + string d_visual; +}; +#endif + +#ifdef HAVE_DNS_OVER_HTTPS +class HTTPHeaderRule : public DNSRule +{ +public: + HTTPHeaderRule(const std::string& header, const std::string& regex); + bool matches(const DNSQuestion* dq) const override; + string toString() const override; +private: + string d_header; + Regex d_regex; + string d_visual; +}; + +class HTTPPathRule : public DNSRule +{ +public: + HTTPPathRule(const std::string& path); + bool matches(const DNSQuestion* dq) const override; + string toString() const override; +private: + string d_path; +}; + +class HTTPPathRegexRule : public DNSRule +{ +public: + HTTPPathRegexRule(const std::string& regex); + bool matches(const DNSQuestion* dq) const override; + string toString() const override; +private: + Regex d_regex; + std::string d_visual; +}; +#endif + +class SNIRule : public DNSRule +{ +public: + SNIRule(const std::string& name) : d_sni(name) + { + } + bool matches(const DNSQuestion* dq) const override + { + return dq->sni == d_sni; + } + string toString() const override + { + return "SNI == " + d_sni; + } +private: + std::string d_sni; +}; + +class SuffixMatchNodeRule : public DNSRule +{ +public: + SuffixMatchNodeRule(const SuffixMatchNode& smn, bool quiet=false) : d_smn(smn), d_quiet(quiet) + { + } + bool matches(const DNSQuestion* dq) const override + { + return d_smn.check(*dq->qname); + } + string toString() const override + { + if(d_quiet) + return "qname==in-set"; + else + return "qname in "+d_smn.toString(); + } +private: + SuffixMatchNode d_smn; + bool d_quiet; +}; + +class QNameRule : public DNSRule +{ +public: + QNameRule(const DNSName& qname) : d_qname(qname) + { + } + + bool matches(const DNSQuestion* dq) const override + { + return d_qname==*dq->qname; + } + string toString() const override + { + return "qname=="+d_qname.toString(); + } +private: + DNSName d_qname; +}; + +class QNameSetRule : public DNSRule { +public: + QNameSetRule(const DNSNameSet& names) : qname_idx(names) {} + + bool matches(const DNSQuestion* dq) const override { + return qname_idx.find(*dq->qname) != qname_idx.end(); + } + + string toString() const override { + std::stringstream ss; + ss << "qname in DNSNameSet(" << qname_idx.size() << " FQDNs)"; + return ss.str(); + } +private: + DNSNameSet qname_idx; +}; + +class QTypeRule : public DNSRule +{ +public: + QTypeRule(uint16_t qtype) : d_qtype(qtype) + { + } + bool matches(const DNSQuestion* dq) const override + { + return d_qtype == dq->qtype; + } + string toString() const override + { + QType qt(d_qtype); + return "qtype=="+qt.toString(); + } +private: + uint16_t d_qtype; +}; + +class QClassRule : public DNSRule +{ +public: + QClassRule(uint16_t qclass) : d_qclass(qclass) + { + } + bool matches(const DNSQuestion* dq) const override + { + return d_qclass == dq->qclass; + } + string toString() const override + { + return "qclass=="+std::to_string(d_qclass); + } +private: + uint16_t d_qclass; +}; + +class OpcodeRule : public DNSRule +{ +public: + OpcodeRule(uint8_t opcode) : d_opcode(opcode) + { + } + bool matches(const DNSQuestion* dq) const override + { + return d_opcode == dq->getHeader()->opcode; + } + string toString() const override + { + return "opcode=="+std::to_string(d_opcode); + } +private: + uint8_t d_opcode; +}; + +class DSTPortRule : public DNSRule +{ +public: + DSTPortRule(uint16_t port) : d_port(port) + { + } + bool matches(const DNSQuestion* dq) const override + { + return htons(d_port) == dq->local->sin4.sin_port; + } + string toString() const override + { + return "dst port=="+std::to_string(d_port); + } +private: + uint16_t d_port; +}; + +class TCPRule : public DNSRule +{ +public: + TCPRule(bool tcp): d_tcp(tcp) + { + } + bool matches(const DNSQuestion* dq) const override + { + return dq->overTCP() == d_tcp; + } + string toString() const override + { + return (d_tcp ? "TCP" : "UDP"); + } +private: + bool d_tcp; +}; + + +class NotRule : public DNSRule +{ +public: + NotRule(shared_ptr& rule): d_rule(rule) + { + } + bool matches(const DNSQuestion* dq) const override + { + return !d_rule->matches(dq); + } + string toString() const override + { + return "!("+ d_rule->toString()+")"; + } +private: + shared_ptr d_rule; +}; + +class RecordsCountRule : public DNSRule +{ +public: + RecordsCountRule(uint8_t section, uint16_t minCount, uint16_t maxCount): d_minCount(minCount), d_maxCount(maxCount), d_section(section) + { + } + bool matches(const DNSQuestion* dq) const override + { + uint16_t count = 0; + switch(d_section) { + case 0: + count = ntohs(dq->getHeader()->qdcount); + break; + case 1: + count = ntohs(dq->getHeader()->ancount); + break; + case 2: + count = ntohs(dq->getHeader()->nscount); + break; + case 3: + count = ntohs(dq->getHeader()->arcount); + break; + } + return count >= d_minCount && count <= d_maxCount; + } + string toString() const override + { + string section; + switch(d_section) { + case 0: + section = "QD"; + break; + case 1: + section = "AN"; + break; + case 2: + section = "NS"; + break; + case 3: + section = "AR"; + break; + } + return std::to_string(d_minCount) + " <= records in " + section + " <= "+ std::to_string(d_maxCount); + } +private: + uint16_t d_minCount; + uint16_t d_maxCount; + uint8_t d_section; +}; + +class RecordsTypeCountRule : public DNSRule +{ +public: + RecordsTypeCountRule(uint8_t section, uint16_t type, uint16_t minCount, uint16_t maxCount): d_type(type), d_minCount(minCount), d_maxCount(maxCount), d_section(section) + { + } + bool matches(const DNSQuestion* dq) const override + { + uint16_t count = 0; + switch(d_section) { + case 0: + count = ntohs(dq->getHeader()->qdcount); + break; + case 1: + count = ntohs(dq->getHeader()->ancount); + break; + case 2: + count = ntohs(dq->getHeader()->nscount); + break; + case 3: + count = ntohs(dq->getHeader()->arcount); + break; + } + if (count < d_minCount) { + return false; + } + count = getRecordsOfTypeCount(reinterpret_cast(dq->getData().data()), dq->getData().size(), d_section, d_type); + return count >= d_minCount && count <= d_maxCount; + } + string toString() const override + { + string section; + switch(d_section) { + case 0: + section = "QD"; + break; + case 1: + section = "AN"; + break; + case 2: + section = "NS"; + break; + case 3: + section = "AR"; + break; + } + return std::to_string(d_minCount) + " <= " + QType(d_type).toString() + " records in " + section + " <= "+ std::to_string(d_maxCount); + } +private: + uint16_t d_type; + uint16_t d_minCount; + uint16_t d_maxCount; + uint8_t d_section; +}; + +class TrailingDataRule : public DNSRule +{ +public: + TrailingDataRule() + { + } + bool matches(const DNSQuestion* dq) const override + { + uint16_t length = getDNSPacketLength(reinterpret_cast(dq->getData().data()), dq->getData().size()); + return length < dq->getData().size(); + } + string toString() const override + { + return "trailing data"; + } +}; + +class QNameLabelsCountRule : public DNSRule +{ +public: + QNameLabelsCountRule(unsigned int minLabelsCount, unsigned int maxLabelsCount): d_min(minLabelsCount), d_max(maxLabelsCount) + { + } + bool matches(const DNSQuestion* dq) const override + { + unsigned int count = dq->qname->countLabels(); + return count < d_min || count > d_max; + } + string toString() const override + { + return "labels count < " + std::to_string(d_min) + " || labels count > " + std::to_string(d_max); + } +private: + unsigned int d_min; + unsigned int d_max; +}; + +class QNameWireLengthRule : public DNSRule +{ +public: + QNameWireLengthRule(size_t min, size_t max): d_min(min), d_max(max) + { + } + bool matches(const DNSQuestion* dq) const override + { + size_t const wirelength = dq->qname->wirelength(); + return wirelength < d_min || wirelength > d_max; + } + string toString() const override + { + return "wire length < " + std::to_string(d_min) + " || wire length > " + std::to_string(d_max); + } +private: + size_t d_min; + size_t d_max; +}; + +class RCodeRule : public DNSRule +{ +public: + RCodeRule(uint8_t rcode) : d_rcode(rcode) + { + } + bool matches(const DNSQuestion* dq) const override + { + return d_rcode == dq->getHeader()->rcode; + } + string toString() const override + { + return "rcode=="+RCode::to_s(d_rcode); + } +private: + uint8_t d_rcode; +}; + +class ERCodeRule : public DNSRule +{ +public: + ERCodeRule(uint8_t rcode) : d_rcode(rcode & 0xF), d_extrcode(rcode >> 4) + { + } + bool matches(const DNSQuestion* dq) const override + { + // avoid parsing EDNS OPT RR when not needed. + if (d_rcode != dq->getHeader()->rcode) { + return false; + } + + EDNS0Record edns0; + if (!getEDNS0Record(*dq, edns0)) { + return false; + } + + return d_extrcode == edns0.extRCode; + } + string toString() const override + { + return "ercode=="+ERCode::to_s(d_rcode | (d_extrcode << 4)); + } +private: + uint8_t d_rcode; // plain DNS Rcode + uint8_t d_extrcode; // upper bits in EDNS0 record +}; + +class EDNSVersionRule : public DNSRule +{ +public: + EDNSVersionRule(uint8_t version) : d_version(version) + { + } + bool matches(const DNSQuestion* dq) const override + { + EDNS0Record edns0; + if (!getEDNS0Record(*dq, edns0)) { + return false; + } + + return d_version < edns0.version; + } + string toString() const override + { + return "ednsversion>"+std::to_string(d_version); + } +private: + uint8_t d_version; +}; + +class EDNSOptionRule : public DNSRule +{ +public: + EDNSOptionRule(uint16_t optcode) : d_optcode(optcode) + { + } + bool matches(const DNSQuestion* dq) const override + { + uint16_t optStart; + size_t optLen = 0; + bool last = false; + int res = locateEDNSOptRR(dq->getData(), &optStart, &optLen, &last); + if (res != 0) { + // no EDNS OPT RR + return false; + } + + if (optLen < optRecordMinimumSize) { + return false; + } + + if (optStart < dq->getData().size() && dq->getData().at(optStart) != 0) { + // OPT RR Name != '.' + return false; + } + + return isEDNSOptionInOpt(dq->getData(), optStart, optLen, d_optcode); + } + string toString() const override + { + return "ednsoptcode=="+std::to_string(d_optcode); + } +private: + uint16_t d_optcode; +}; + +class RDRule : public DNSRule +{ +public: + RDRule() + { + } + bool matches(const DNSQuestion* dq) const override + { + return dq->getHeader()->rd == 1; + } + string toString() const override + { + return "rd==1"; + } +}; + +class ProbaRule : public DNSRule +{ +public: + ProbaRule(double proba) : d_proba(proba) + { + } + bool matches(const DNSQuestion* dq) const override + { + if(d_proba == 1.0) + return true; + double rnd = 1.0*random() / RAND_MAX; + return rnd > (1.0 - d_proba); + } + string toString() const override + { + return "match with prob. " + (boost::format("%0.2f") % d_proba).str(); + } +private: + double d_proba; +}; + +class TagRule : public DNSRule +{ +public: + TagRule(const std::string& tag, boost::optional value) : d_value(value), d_tag(tag) + { + } + bool matches(const DNSQuestion* dq) const override + { + if (!dq->qTag) { + return false; + } + + const auto it = dq->qTag->find(d_tag); + if (it == dq->qTag->cend()) { + return false; + } + + if (!d_value) { + return true; + } + + return it->second == *d_value; + } + + string toString() const override + { + return "tag '" + d_tag + "' is set" + (d_value ? (" to '" + *d_value + "'") : ""); + } + +private: + boost::optional d_value; + std::string d_tag; +}; + +class PoolAvailableRule : public DNSRule +{ +public: + PoolAvailableRule(const std::string& poolname) : d_pools(&g_pools), d_poolname(poolname) + { + } + + bool matches(const DNSQuestion* dq) const override + { + return (getPool(*d_pools, d_poolname)->countServers(true) > 0); + } + + string toString() const override + { + return "pool '" + d_poolname + "' is available"; + } +private: + mutable LocalStateHolder d_pools; + std::string d_poolname; +}; + +class PoolOutstandingRule : public DNSRule +{ +public: + PoolOutstandingRule(const std::string& poolname, const size_t limit) : d_pools(&g_pools), d_poolname(poolname), d_limit(limit) + { + } + + bool matches(const DNSQuestion* dq) const override + { + return (getPool(*d_pools, d_poolname)->poolLoad()) > d_limit; + } + + string toString() const override + { + return "pool '" + d_poolname + "' outstanding > " + std::to_string(d_limit); + } +private: + mutable LocalStateHolder d_pools; + std::string d_poolname; + size_t d_limit; +}; + +class KeyValueStoreLookupRule: public DNSRule +{ +public: + KeyValueStoreLookupRule(std::shared_ptr& kvs, std::shared_ptr& lookupKey): d_kvs(kvs), d_key(lookupKey) + { + } + + bool matches(const DNSQuestion* dq) const override + { + std::vector keys = d_key->getKeys(*dq); + for (const auto& key : keys) { + if (d_kvs->keyExists(key) == true) { + return true; + } + } + + return false; + } + + string toString() const override + { + return "lookup key-value store based on '" + d_key->toString() + "'"; + } + +private: + std::shared_ptr d_kvs; + std::shared_ptr d_key; +}; + +class KeyValueStoreRangeLookupRule: public DNSRule +{ +public: + KeyValueStoreRangeLookupRule(std::shared_ptr& kvs, std::shared_ptr& lookupKey): d_kvs(kvs), d_key(lookupKey) + { + } + + bool matches(const DNSQuestion* dq) const override + { + std::vector keys = d_key->getKeys(*dq); + for (const auto& key : keys) { + std::string value; + if (d_kvs->getRangeValue(key, value) == true) { + return true; + } + } + + return false; + } + + string toString() const override + { + return "range-based lookup key-value store based on '" + d_key->toString() + "'"; + } + +private: + std::shared_ptr d_kvs; + std::shared_ptr d_key; +}; + +class LuaRule : public DNSRule +{ +public: + typedef std::function func_t; + LuaRule(const func_t& func): d_func(func) + {} + + bool matches(const DNSQuestion* dq) const override + { + try { + auto lock = g_lua.lock(); + return d_func(dq); + } catch (const std::exception &e) { + warnlog("LuaRule failed inside Lua: %s", e.what()); + } catch (...) { + warnlog("LuaRule failed inside Lua: [unknown exception]"); + } + return false; + } + + string toString() const override + { + return "Lua script"; + } +private: + func_t d_func; +}; + +class LuaFFIRule : public DNSRule +{ +public: + typedef std::function func_t; + LuaFFIRule(const func_t& func): d_func(func) + {} + + bool matches(const DNSQuestion* dq) const override + { + dnsdist_ffi_dnsquestion_t dqffi(const_cast(dq)); + try { + auto lock = g_lua.lock(); + return d_func(&dqffi); + } catch (const std::exception &e) { + warnlog("LuaFFIRule failed inside Lua: %s", e.what()); + } catch (...) { + warnlog("LuaFFIRule failed inside Lua: [unknown exception]"); + } + return false; + } + + string toString() const override + { + return "Lua FFI script"; + } +private: + func_t d_func; +}; + +class LuaFFIPerThreadRule : public DNSRule +{ +public: + typedef std::function func_t; + + LuaFFIPerThreadRule(const std::string& code): d_functionCode(code), d_functionID(s_functionsCounter++) + { + } + + bool matches(const DNSQuestion* dq) const override + { + try { + auto& state = t_perThreadStates[d_functionID]; + if (!state.d_initialized) { + setupLuaFFIPerThreadContext(state.d_luaContext); + /* mark the state as initialized first so if there is a syntax error + we only try to execute the code once */ + state.d_initialized = true; + state.d_func = state.d_luaContext.executeCode(d_functionCode); + } + + if (!state.d_func) { + /* the function was not properly initialized */ + return false; + } + + dnsdist_ffi_dnsquestion_t dqffi(const_cast(dq)); + return state.d_func(&dqffi); + } + catch (const std::exception &e) { + warnlog("LuaFFIPerthreadRule failed inside Lua: %s", e.what()); + } + catch (...) { + warnlog("LuaFFIPerThreadRule failed inside Lua: [unknown exception]"); + } + return false; + } + + string toString() const override + { + return "Lua FFI per-thread script"; + } +private: + struct PerThreadState + { + LuaContext d_luaContext; + func_t d_func; + bool d_initialized{false}; + }; + + static std::atomic s_functionsCounter; + static thread_local std::map t_perThreadStates; + const std::string d_functionCode; + const uint64_t d_functionID; +}; + +class ProxyProtocolValueRule : public DNSRule +{ +public: + ProxyProtocolValueRule(uint8_t type, boost::optional value): d_value(value), d_type(type) + { + } + + bool matches(const DNSQuestion* dq) const override + { + if (!dq->proxyProtocolValues) { + return false; + } + + for (const auto& entry : *dq->proxyProtocolValues) { + if (entry.type == d_type && (!d_value || entry.content == *d_value)) { + return true; + } + } + + return false; + } + + string toString() const override + { + if (d_value) { + return "proxy protocol value of type " + std::to_string(d_type) + " matches"; + } + return "proxy protocol value of type " + std::to_string(d_type) + " is present"; + } + +private: + boost::optional d_value; + uint8_t d_type; +}; diff --git a/dnsdist-secpoll.cc b/dnsdist-secpoll.cc new file mode 100644 index 0000000..79e3f69 --- /dev/null +++ b/dnsdist-secpoll.cc @@ -0,0 +1,246 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include "config.h" + +#include +#include + +#ifdef HAVE_LIBSODIUM +#include +#endif /* HAVE_LIBSODIUM */ + +#include "dnsparser.hh" +#include "dolog.hh" +#include "iputils.hh" +#include "misc.hh" +#include "sstuff.hh" + +#include "dnsdist.hh" +#include "dnsdist-secpoll.hh" + +#ifndef PACKAGEVERSION +#define PACKAGEVERSION PACKAGE_VERSION +#endif + +static std::string getFirstTXTAnswer(const std::string& answer) +{ + if (answer.size() <= sizeof(struct dnsheader)) { + throw std::runtime_error("Looking for a TXT record in an answer smaller than the DNS header"); + } + + const struct dnsheader* dh = reinterpret_cast(answer.data()); + PacketReader pr(answer); + uint16_t qdcount = ntohs(dh->qdcount); + uint16_t ancount = ntohs(dh->ancount); + + DNSName rrname; + uint16_t rrtype; + uint16_t rrclass; + + size_t idx = 0; + /* consume qd */ + for(; idx < qdcount; idx++) { + rrname = pr.getName(); + rrtype = pr.get16BitInt(); + rrclass = pr.get16BitInt(); + (void) rrtype; + (void) rrclass; + } + + /* parse AN */ + for (idx = 0; idx < ancount; idx++) { + string blob; + struct dnsrecordheader ah; + rrname = pr.getName(); + pr.getDnsrecordheader(ah); + + if (ah.d_type == QType::TXT) { + string txt; + pr.xfrText(txt); + + return txt; + } + else { + pr.xfrBlob(blob); + } + } + + throw std::runtime_error("No TXT record in answer"); +} + +static std::string getSecPollStatus(const std::string& queriedName, int timeout=2) +{ + const DNSName& sentName = DNSName(queriedName); + std::vector packet; + DNSPacketWriter pw(packet, sentName, QType::TXT); + pw.getHeader()->id = getRandomDNSID(); + pw.getHeader()->rd = 1; + + const auto& resolversForStub = getResolvers("/etc/resolv.conf"); + + for(const auto& dest : resolversForStub) { + Socket sock(dest.sin4.sin_family, SOCK_DGRAM); + sock.setNonBlocking(); + sock.connect(dest); + sock.send(string(packet.begin(), packet.end())); + + string reply; + int ret = waitForData(sock.getHandle(), timeout, 0); + if (ret < 0) { + if (g_verbose) { + warnlog("Error while waiting for the secpoll response from stub resolver %s: %d", dest.toString(), ret); + } + continue; + } + else if (ret == 0) { + if (g_verbose) { + warnlog("Timeout while waiting for the secpoll response from stub resolver %s", dest.toString()); + } + continue; + } + + try { + sock.read(reply); + } + catch(const std::exception& e) { + if (g_verbose) { + warnlog("Error while reading for the secpoll response from stub resolver %s: %s", dest.toString(), e.what()); + } + continue; + } + + if (reply.size() <= sizeof(struct dnsheader)) { + if (g_verbose) { + warnlog("Too short answer of size %d received from the secpoll stub resolver %s", reply.size(), dest.toString()); + } + continue; + } + + struct dnsheader d; + memcpy(&d, reply.c_str(), sizeof(d)); + if (d.id != pw.getHeader()->id) { + if (g_verbose) { + warnlog("Invalid ID (%d / %d) received from the secpoll stub resolver %s", d.id, pw.getHeader()->id, dest.toString()); + } + continue; + } + + if (d.rcode != RCode::NoError) { + if (g_verbose) { + warnlog("Response code '%s' received from the secpoll stub resolver %s for '%s'", RCode::to_s(d.rcode), dest.toString(), queriedName); + } + + /* no need to try another resolver if the domain does not exist */ + if (d.rcode == RCode::NXDomain) { + throw std::runtime_error("Unable to get a valid Security Status update"); + } + continue; + } + + if (ntohs(d.qdcount) != 1 || ntohs(d.ancount) != 1) { + if (g_verbose) { + warnlog("Invalid answer (qdcount %d / ancount %d) received from the secpoll stub resolver %s", ntohs(d.qdcount), ntohs(d.ancount), dest.toString()); + } + continue; + } + + uint16_t receivedType; + uint16_t receivedClass; + DNSName receivedName(reply.c_str(), reply.size(), sizeof(dnsheader), false, &receivedType, &receivedClass); + + if (receivedName != sentName || receivedType != QType::TXT || receivedClass != QClass::IN) { + if (g_verbose) { + warnlog("Invalid answer, either the qname (%s / %s), qtype (%s / %s) or qclass (%s / %s) does not match, received from the secpoll stub resolver %s", receivedName, sentName, QType(receivedType).toString(), QType(QType::TXT).toString(), QClass(receivedClass).toString(), QClass::IN.toString(), dest.toString()); + } + continue; + } + + return getFirstTXTAnswer(reply); + } + + throw std::runtime_error("Unable to get a valid Security Status update"); +} + +static bool g_secPollDone{false}; +std::string g_secPollSuffix{"secpoll.powerdns.com."}; +time_t g_secPollInterval{3600}; + +void doSecPoll(const std::string& suffix) +{ + if (suffix.empty()) { + return; + } + + const std::string pkgv(PACKAGEVERSION); + bool releaseVersion = std::count(pkgv.begin(), pkgv.end(), '.') == 2; + const std::string version = "dnsdist-" + pkgv; + std::string queriedName = version.substr(0, 63) + ".security-status." + suffix; + + if (*queriedName.rbegin() != '.') { + queriedName += '.'; + } + + boost::replace_all(queriedName, "+", "_"); + boost::replace_all(queriedName, "~", "_"); + + try { + std::string status = getSecPollStatus(queriedName); + pair split = splitField(unquotify(status), ' '); + + int securityStatus = std::stoi(split.first); + std::string securityMessage = split.second; + + if(securityStatus == 1 && !g_secPollDone) { + warnlog("Polled security status of version %s at startup, no known issues reported: %s", std::string(VERSION), securityMessage); + } + if(securityStatus == 2) { + errlog("PowerDNS DNSDist Security Update Recommended: %s", securityMessage); + } + else if(securityStatus == 3) { + errlog("PowerDNS DNSDist Security Update Mandatory: %s", securityMessage); + } + + g_stats.securityStatus = securityStatus; + g_secPollDone = true; + return; + } + catch(const std::exception& e) { + if (releaseVersion) { + warnlog("Error while retrieving the security update for version %s: %s", version, e.what()); + } + else if (!g_secPollDone) { + infolog("Error while retrieving the security update for version %s: %s", version, e.what()); + } + } + + if (releaseVersion) { + warnlog("Failed to retrieve security status update for '%s' on %s", pkgv, queriedName); + } + else if (!g_secPollDone) { + infolog("Not validating response for security status update, this is a non-release version."); + + /* for non-released versions, there is no use sending the same message several times, + let's just accept that there will be no security polling for this exact version */ + g_secPollDone = true; + } +} diff --git a/dnsdist-secpoll.hh b/dnsdist-secpoll.hh new file mode 100644 index 0000000..c7d8869 --- /dev/null +++ b/dnsdist-secpoll.hh @@ -0,0 +1,27 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +extern std::string g_secPollSuffix; +extern time_t g_secPollInterval; + +void doSecPoll(const std::string& suffix); diff --git a/dnsdist-session-cache.cc b/dnsdist-session-cache.cc new file mode 100644 index 0000000..42ba272 --- /dev/null +++ b/dnsdist-session-cache.cc @@ -0,0 +1,90 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist-session-cache.hh" + +TLSSessionCache g_sessionCache; + +time_t TLSSessionCache::s_cleanupDelay{60}; +time_t TLSSessionCache::s_sessionValidity{600}; +uint16_t TLSSessionCache::s_maxSessionsPerBackend{20}; + +void TLSSessionCache::cleanup(time_t now, LockGuardedHolder& data) +{ + time_t cutOff = now + s_sessionValidity; + + for (auto it = data->d_sessions.begin(); it != data->d_sessions.end();) { + if (it->second.d_lastUsed > cutOff || it->second.d_sessions.size() == 0) { + it = data->d_sessions.erase(it); + } + else { + ++it; + } + } + + data->d_nextCleanup = now + s_cleanupDelay; +} + +void TLSSessionCache::putSessions(const boost::uuids::uuid& backendID, time_t now, std::vector>&& sessions) +{ + auto data = d_data.lock(); + if (data->d_nextCleanup == 0 || now > data->d_nextCleanup) { + cleanup(now, data); + } + + for (auto& session : sessions) { + auto& entry = data->d_sessions[backendID]; + if (entry.d_sessions.size() >= s_maxSessionsPerBackend) { + entry.d_sessions.pop_back(); + } + entry.d_sessions.push_front(std::move(session)); + } +} + +std::unique_ptr TLSSessionCache::getSession(const boost::uuids::uuid& backendID, time_t now) +{ + auto data = d_data.lock(); + auto it = data->d_sessions.find(backendID); + if (it == data->d_sessions.end()) { + return nullptr; + } + + auto& entry = it->second; + if (entry.d_sessions.size() == 0) { + return nullptr; + } + + entry.d_lastUsed = now; + auto value = std::move(entry.d_sessions.front()); + entry.d_sessions.pop_front(); + + return value; +} + +size_t TLSSessionCache::getSize() +{ + size_t count = 0; + auto data = d_data.lock(); + for (const auto& backend : data->d_sessions) { + count += backend.second.d_sessions.size(); + } + return count; +} diff --git a/dnsdist-session-cache.hh b/dnsdist-session-cache.hh new file mode 100644 index 0000000..1881fb1 --- /dev/null +++ b/dnsdist-session-cache.hh @@ -0,0 +1,80 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include + +#include "lock.hh" +#include "tcpiohandler.hh" +#include "uuid-utils.hh" + +class TLSSessionCache +{ +public: + TLSSessionCache() + { + } + + void putSessions(const boost::uuids::uuid& backendID, time_t now, std::vector>&& sessions); + std::unique_ptr getSession(const boost::uuids::uuid& backendID, time_t now); + + static void setCleanupDelay(time_t delay) + { + s_cleanupDelay = delay; + } + + static void setSessionValidity(time_t validity) + { + s_sessionValidity = validity; + } + + static void setMaxTicketsPerBackend(uint16_t max) + { + s_maxSessionsPerBackend = max; + } + + size_t getSize(); + +private: + static time_t s_cleanupDelay; + static time_t s_sessionValidity; + static uint16_t s_maxSessionsPerBackend; + + struct BackendEntry + { + std::deque> d_sessions; + time_t d_lastUsed{0}; + }; + + struct CacheData + { + // do we need to shard this? + std::map d_sessions; + time_t d_nextCleanup{0}; + }; + LockGuarded d_data; + + void cleanup(time_t now, LockGuardedHolder& data); +}; + +extern TLSSessionCache g_sessionCache; diff --git a/dnsdist-snmp.cc b/dnsdist-snmp.cc new file mode 100644 index 0000000..4da43ee --- /dev/null +++ b/dnsdist-snmp.cc @@ -0,0 +1,614 @@ + +#include "dnsdist-snmp.hh" +#include "dolog.hh" + +bool g_snmpEnabled{false}; +bool g_snmpTrapsEnabled{false}; +DNSDistSNMPAgent* g_snmpAgent{nullptr}; + +#ifdef HAVE_NET_SNMP + +#define DNSDIST_OID 1, 3, 6, 1, 4, 1, 43315, 3 +#define DNSDIST_STATS_OID DNSDIST_OID, 1 +#define DNSDIST_STATS_TABLE_OID DNSDIST_OID, 2 +#define DNSDIST_TRAPS_OID DNSDIST_OID, 10, 0 +#define DNSDIST_TRAP_OBJECTS_OID DNSDIST_OID, 11 + +static const oid queriesOID[] = { DNSDIST_STATS_OID, 1 }; +static const oid responsesOID[] = { DNSDIST_STATS_OID, 2 }; +static const oid servfailResponsesOID[] = { DNSDIST_STATS_OID, 3 }; +static const oid aclDropsOID[] = { DNSDIST_STATS_OID, 4 }; +// 5 was BlockFilter, removed in 1.2.0 +static const oid ruleDropOID[] = { DNSDIST_STATS_OID, 6 }; +static const oid ruleNXDomainOID[] = { DNSDIST_STATS_OID, 7 }; +static const oid ruleRefusedOID[] = { DNSDIST_STATS_OID, 8 }; +static const oid selfAnsweredOID[] = { DNSDIST_STATS_OID, 9 }; +static const oid downstreamTimeoutsOID[] = { DNSDIST_STATS_OID, 10 }; +static const oid downstreamSendErrorsOID[] = { DNSDIST_STATS_OID, 11 }; +static const oid truncFailOID[] = { DNSDIST_STATS_OID, 12 }; +static const oid noPolicyOID[] = { DNSDIST_STATS_OID, 13 }; +static const oid latency0_1OID[] = { DNSDIST_STATS_OID, 14 }; +static const oid latency1_10OID[] = { DNSDIST_STATS_OID, 15 }; +static const oid latency10_50OID[] = { DNSDIST_STATS_OID, 16 }; +static const oid latency50_100OID[] = { DNSDIST_STATS_OID, 17 }; +static const oid latency100_1000OID[] = { DNSDIST_STATS_OID, 18 }; +static const oid latencySlowOID[] = { DNSDIST_STATS_OID, 19 }; +static const oid latencyAvg100OID[] = { DNSDIST_STATS_OID, 20 }; +static const oid latencyAvg1000OID[] = { DNSDIST_STATS_OID, 21 }; +static const oid latencyAvg10000OID[] = { DNSDIST_STATS_OID, 22 }; +static const oid latencyAvg1000000OID[] = { DNSDIST_STATS_OID, 23 }; +static const oid uptimeOID[] = { DNSDIST_STATS_OID, 24 }; +static const oid realMemoryUsageOID[] = { DNSDIST_STATS_OID, 25 }; +static const oid nonCompliantQueriesOID[] = { DNSDIST_STATS_OID, 26 }; +static const oid nonCompliantResponsesOID[] = { DNSDIST_STATS_OID, 27 }; +static const oid rdQueriesOID[] = { DNSDIST_STATS_OID, 28 }; +static const oid emptyQueriesOID[] = { DNSDIST_STATS_OID, 29 }; +static const oid cacheHitsOID[] = { DNSDIST_STATS_OID, 30 }; +static const oid cacheMissesOID[] = { DNSDIST_STATS_OID, 31 }; +static const oid cpuUserMSecOID[] = { DNSDIST_STATS_OID, 32 }; +static const oid cpuSysMSecOID[] = { DNSDIST_STATS_OID, 33 }; +static const oid fdUsageOID[] = { DNSDIST_STATS_OID, 34 }; +static const oid dynBlockedOID[] = { DNSDIST_STATS_OID, 35 }; +static const oid dynBlockedNMGSizeOID[] = { DNSDIST_STATS_OID, 36 }; +static const oid ruleServFailOID[] = { DNSDIST_STATS_OID, 37 }; +static const oid securityStatusOID[] = { DNSDIST_STATS_OID, 38 }; +static const oid specialMemoryUsageOID[] = { DNSDIST_STATS_OID, 39 }; +static const oid ruleTruncatedOID[] = { DNSDIST_STATS_OID, 40 }; + +static std::unordered_map s_statsMap; + +/* We are never called for a GETNEXT if it's registered as a + "instance", as it's "magically" handled for us. */ +/* a instance handler also only hands us one request at a time, so + we don't need to loop over a list of requests; we'll only get one. */ + +static int handleCounter64Stats(netsnmp_mib_handler* handler, + netsnmp_handler_registration* reginfo, + netsnmp_agent_request_info* reqinfo, + netsnmp_request_info* requests) +{ + if (reqinfo->mode != MODE_GET) { + return SNMP_ERR_GENERR; + } + + if (reginfo->rootoid_len != OID_LENGTH(queriesOID) + 1) { + return SNMP_ERR_GENERR; + } + + const auto& it = s_statsMap.find(reginfo->rootoid[reginfo->rootoid_len - 2]); + if (it == s_statsMap.end()) { + return SNMP_ERR_GENERR; + } + + if (const auto& val = boost::get(&it->second)) { + return DNSDistSNMPAgent::setCounter64Value(requests, (*val)->load()); + } + + return SNMP_ERR_GENERR; +} + +static void registerCounter64Stat(const char* name, const oid statOID[], size_t statOIDLength, pdns::stat_t* ptr) +{ + if (statOIDLength != OID_LENGTH(queriesOID)) { + errlog("Invalid OID for SNMP Counter64 statistic %s", name); + return; + } + + if (s_statsMap.find(statOID[statOIDLength - 1]) != s_statsMap.end()) { + errlog("OID for SNMP Counter64 statistic %s has already been registered", name); + return; + } + + s_statsMap[statOID[statOIDLength - 1]] = ptr; + netsnmp_register_scalar(netsnmp_create_handler_registration(name, + handleCounter64Stats, + statOID, + statOIDLength, + HANDLER_CAN_RONLY)); +} + +static int handleFloatStats(netsnmp_mib_handler* handler, + netsnmp_handler_registration* reginfo, + netsnmp_agent_request_info* reqinfo, + netsnmp_request_info* requests) +{ + if (reqinfo->mode != MODE_GET) { + return SNMP_ERR_GENERR; + } + + if (reginfo->rootoid_len != OID_LENGTH(queriesOID) + 1) { + return SNMP_ERR_GENERR; + } + + const auto& it = s_statsMap.find(reginfo->rootoid[reginfo->rootoid_len - 2]); + if (it == s_statsMap.end()) { + return SNMP_ERR_GENERR; + } + + if (const auto& val = boost::get(&it->second)) { + std::string str(std::to_string(**val)); + snmp_set_var_typed_value(requests->requestvb, + ASN_OCTET_STR, + str.c_str(), + str.size()); + return SNMP_ERR_NOERROR; + } + + return SNMP_ERR_GENERR; +} + +static void registerFloatStat(const char* name, const oid statOID[], size_t statOIDLength, double* ptr) +{ + if (statOIDLength != OID_LENGTH(queriesOID)) { + errlog("Invalid OID for SNMP Float statistic %s", name); + return; + } + + if (s_statsMap.find(statOID[statOIDLength - 1]) != s_statsMap.end()) { + errlog("OID for SNMP Float statistic %s has already been registered", name); + return; + } + + s_statsMap[statOID[statOIDLength - 1]] = ptr; + netsnmp_register_scalar(netsnmp_create_handler_registration(name, + handleFloatStats, + statOID, + statOIDLength, + HANDLER_CAN_RONLY)); +} + +static int handleGauge64Stats(netsnmp_mib_handler* handler, + netsnmp_handler_registration* reginfo, + netsnmp_agent_request_info* reqinfo, + netsnmp_request_info* requests) +{ + if (reqinfo->mode != MODE_GET) { + return SNMP_ERR_GENERR; + } + + if (reginfo->rootoid_len != OID_LENGTH(queriesOID) + 1) { + return SNMP_ERR_GENERR; + } + + const auto& it = s_statsMap.find(reginfo->rootoid[reginfo->rootoid_len - 2]); + if (it == s_statsMap.end()) { + return SNMP_ERR_GENERR; + } + + std::string str; + uint64_t value = (*boost::get(&it->second))(str); + return DNSDistSNMPAgent::setCounter64Value(requests, value); +} + +static void registerGauge64Stat(const char* name, const oid statOID[], size_t statOIDLength, DNSDistStats::statfunction_t ptr) +{ + if (statOIDLength != OID_LENGTH(queriesOID)) { + errlog("Invalid OID for SNMP Gauge64 statistic %s", name); + return; + } + + if (s_statsMap.find(statOID[statOIDLength - 1]) != s_statsMap.end()) { + errlog("OID for SNMP Gauge64 statistic %s has already been registered", name); + return; + } + + s_statsMap[statOID[statOIDLength - 1]] = ptr; + netsnmp_register_scalar(netsnmp_create_handler_registration(name, + handleGauge64Stats, + statOID, + statOIDLength, + HANDLER_CAN_RONLY)); +} + +/* column number definitions for table backendStatTable */ +#define COLUMN_BACKENDID 1 +#define COLUMN_BACKENDNAME 2 +#define COLUMN_BACKENDLATENCY 3 +#define COLUMN_BACKENDWEIGHT 4 +#define COLUMN_BACKENDOUTSTANDING 5 +#define COLUMN_BACKENDQPSLIMIT 6 +#define COLUMN_BACKENDREUSED 7 +#define COLUMN_BACKENDSTATE 8 +#define COLUMN_BACKENDADDRESS 9 +#define COLUMN_BACKENDPOOLS 10 +#define COLUMN_BACKENDQPS 11 +#define COLUMN_BACKENDQUERIES 12 +#define COLUMN_BACKENDORDER 13 + +static const oid backendStatTableOID[] = { DNSDIST_STATS_TABLE_OID }; +static const oid backendNameOID[] = { DNSDIST_STATS_TABLE_OID, 1, 2 }; +static const oid backendStateOID[] = { DNSDIST_STATS_TABLE_OID, 1, 8}; +static const oid backendAddressOID[] = { DNSDIST_STATS_TABLE_OID, 1, 9}; + +static const oid socketFamilyOID[] = { DNSDIST_TRAP_OBJECTS_OID, 1, 0 }; +static const oid socketProtocolOID[] = { DNSDIST_TRAP_OBJECTS_OID, 2, 0 }; +static const oid fromAddressOID[] = { DNSDIST_TRAP_OBJECTS_OID, 3, 0 }; +static const oid toAddressOID[] = { DNSDIST_TRAP_OBJECTS_OID, 4, 0 }; +static const oid queryTypeOID[] = { DNSDIST_TRAP_OBJECTS_OID, 5, 0 }; +static const oid querySizeOID[] = { DNSDIST_TRAP_OBJECTS_OID, 6, 0 }; +static const oid queryIDOID[] = { DNSDIST_TRAP_OBJECTS_OID, 7, 0 }; +static const oid qNameOID[] = { DNSDIST_TRAP_OBJECTS_OID, 8, 0 }; +static const oid qClassOID[] = { DNSDIST_TRAP_OBJECTS_OID, 9, 0 }; +static const oid qTypeOID[] = { DNSDIST_TRAP_OBJECTS_OID, 10, 0 }; +static const oid trapReasonOID[] = { DNSDIST_TRAP_OBJECTS_OID, 11, 0 }; + +static const oid backendStatusChangeTrapOID[] = { DNSDIST_TRAPS_OID, 1 }; +static const oid actionTrapOID[] = { DNSDIST_TRAPS_OID, 2 }; +static const oid customTrapOID[] = { DNSDIST_TRAPS_OID, 3 }; + +static servers_t s_servers; +static size_t s_currentServerIdx = 0; + +static netsnmp_variable_list* backendStatTable_get_next_data_point(void** loop_context, + void** my_data_context, + netsnmp_variable_list* put_index_data, + netsnmp_iterator_info* mydata) +{ + if (s_currentServerIdx >= s_servers.size()) { + return NULL; + } + + *my_data_context = (void*) (s_servers[s_currentServerIdx]).get(); + snmp_set_var_typed_integer(put_index_data, ASN_UNSIGNED, s_currentServerIdx); + s_currentServerIdx++; + + return put_index_data; +} + +static netsnmp_variable_list* backendStatTable_get_first_data_point(void** loop_context, + void** data_context, + netsnmp_variable_list* put_index_data, + netsnmp_iterator_info* data) +{ + s_currentServerIdx = 0; + + /* get a copy of the shared_ptrs so they are not + destroyed while we process the request */ + auto dstates = g_dstates.getLocal(); + s_servers.clear(); + s_servers.reserve(dstates->size()); + for (const auto& server : *dstates) { + s_servers.push_back(server); + } + + return backendStatTable_get_next_data_point(loop_context, + data_context, + put_index_data, + data); +} + +static int backendStatTable_handler(netsnmp_mib_handler* handler, + netsnmp_handler_registration* reginfo, + netsnmp_agent_request_info* reqinfo, + netsnmp_request_info* requests) +{ + netsnmp_request_info* request; + + switch (reqinfo->mode) { + case MODE_GET: + for (request = requests; request; request = request->next) { + netsnmp_table_request_info* table_info = netsnmp_extract_table_info(request); + const DownstreamState* server = (const DownstreamState*) netsnmp_extract_iterator_context(request); + + if (!server) { + continue; + } + + switch (table_info->colnum) { + case COLUMN_BACKENDNAME: + snmp_set_var_typed_value(request->requestvb, + ASN_OCTET_STR, + server->getName().c_str(), + server->getName().size()); + break; + case COLUMN_BACKENDLATENCY: + DNSDistSNMPAgent::setCounter64Value(request, + server->latencyUsec/1000.0); + break; + case COLUMN_BACKENDWEIGHT: + DNSDistSNMPAgent::setCounter64Value(request, + server->weight); + break; + case COLUMN_BACKENDOUTSTANDING: + DNSDistSNMPAgent::setCounter64Value(request, + server->outstanding.load()); + break; + case COLUMN_BACKENDQPSLIMIT: + DNSDistSNMPAgent::setCounter64Value(request, + server->qps.getRate()); + break; + case COLUMN_BACKENDREUSED: + DNSDistSNMPAgent::setCounter64Value(request, server->reuseds.load()); + break; + case COLUMN_BACKENDSTATE: + { + std::string state(server->getStatus()); + snmp_set_var_typed_value(request->requestvb, + ASN_OCTET_STR, + state.c_str(), + state.size()); + break; + } + case COLUMN_BACKENDADDRESS: + { + std::string addr(server->remote.toStringWithPort()); + snmp_set_var_typed_value(request->requestvb, + ASN_OCTET_STR, + addr.c_str(), + addr.size()); + break; + } + case COLUMN_BACKENDPOOLS: + { + std::string pools; + for(auto& p : server->pools) { + if(!pools.empty()) + pools+=" "; + pools+=p; + } + snmp_set_var_typed_value(request->requestvb, + ASN_OCTET_STR, + pools.c_str(), + pools.size()); + break; + } + case COLUMN_BACKENDQPS: + DNSDistSNMPAgent::setCounter64Value(request, server->queryLoad.load()); + break; + case COLUMN_BACKENDQUERIES: + DNSDistSNMPAgent::setCounter64Value(request, server->queries.load()); + break; + case COLUMN_BACKENDORDER: + DNSDistSNMPAgent::setCounter64Value(request, server->order); + break; + default: + netsnmp_set_request_error(reqinfo, + request, + SNMP_NOSUCHOBJECT); + break; + } + } + break; + } + return SNMP_ERR_NOERROR; +} +#endif /* HAVE_NET_SNMP */ + +bool DNSDistSNMPAgent::sendBackendStatusChangeTrap(const std::shared_ptr& dss) +{ +#ifdef HAVE_NET_SNMP + const string backendAddress = dss->remote.toStringWithPort(); + const string backendStatus = dss->getStatus(); + netsnmp_variable_list* varList = nullptr; + + snmp_varlist_add_variable(&varList, + snmpTrapOID, + snmpTrapOIDLen, + ASN_OBJECT_ID, + backendStatusChangeTrapOID, + OID_LENGTH(backendStatusChangeTrapOID) * sizeof(oid)); + + + snmp_varlist_add_variable(&varList, + backendNameOID, + OID_LENGTH(backendNameOID), + ASN_OCTET_STR, + dss->getName().c_str(), + dss->getName().size()); + + snmp_varlist_add_variable(&varList, + backendAddressOID, + OID_LENGTH(backendAddressOID), + ASN_OCTET_STR, + backendAddress.c_str(), + backendAddress.size()); + + snmp_varlist_add_variable(&varList, + backendStateOID, + OID_LENGTH(backendStateOID), + ASN_OCTET_STR, + backendStatus.c_str(), + backendStatus.size()); + + return sendTrap(d_trapPipe[1], varList); +#else + return true; +#endif /* HAVE_NET_SNMP */ +} + +bool DNSDistSNMPAgent::sendCustomTrap(const std::string& reason) +{ +#ifdef HAVE_NET_SNMP + netsnmp_variable_list* varList = nullptr; + + snmp_varlist_add_variable(&varList, + snmpTrapOID, + snmpTrapOIDLen, + ASN_OBJECT_ID, + customTrapOID, + OID_LENGTH(customTrapOID) * sizeof(oid)); + + snmp_varlist_add_variable(&varList, + trapReasonOID, + OID_LENGTH(trapReasonOID), + ASN_OCTET_STR, + reason.c_str(), + reason.size()); + + return sendTrap(d_trapPipe[1], varList); +#else + return true; +#endif /* HAVE_NET_SNMP */ +} + +bool DNSDistSNMPAgent::sendDNSTrap(const DNSQuestion& dq, const std::string& reason) +{ +#ifdef HAVE_NET_SNMP + std::string local = dq.local->toString(); + std::string remote = dq.remote->toString(); + std::string qname = dq.qname->toStringNoDot(); + const uint32_t socketFamily = dq.remote->isIPv4() ? 1 : 2; + const uint32_t socketProtocol = dq.overTCP() ? 2 : 1; + const uint32_t queryType = dq.getHeader()->qr ? 2 : 1; + const uint32_t querySize = (uint32_t) dq.getData().size(); + const uint32_t queryID = (uint32_t) ntohs(dq.getHeader()->id); + const uint32_t qType = (uint32_t) dq.qtype; + const uint32_t qClass = (uint32_t) dq.qclass; + + netsnmp_variable_list* varList = nullptr; + + snmp_varlist_add_variable(&varList, + snmpTrapOID, + snmpTrapOIDLen, + ASN_OBJECT_ID, + actionTrapOID, + OID_LENGTH(actionTrapOID) * sizeof(oid)); + + snmp_varlist_add_variable(&varList, + socketFamilyOID, + OID_LENGTH(socketFamilyOID), + ASN_INTEGER, + reinterpret_cast(&socketFamily), + sizeof(socketFamily)); + + snmp_varlist_add_variable(&varList, + socketProtocolOID, + OID_LENGTH(socketProtocolOID), + ASN_INTEGER, + reinterpret_cast(&socketProtocol), + sizeof(socketProtocol)); + + snmp_varlist_add_variable(&varList, + fromAddressOID, + OID_LENGTH(fromAddressOID), + ASN_OCTET_STR, + remote.c_str(), + remote.size()); + + snmp_varlist_add_variable(&varList, + toAddressOID, + OID_LENGTH(toAddressOID), + ASN_OCTET_STR, + local.c_str(), + local.size()); + + snmp_varlist_add_variable(&varList, + queryTypeOID, + OID_LENGTH(queryTypeOID), + ASN_INTEGER, + reinterpret_cast(&queryType), + sizeof(queryType)); + + snmp_varlist_add_variable(&varList, + querySizeOID, + OID_LENGTH(querySizeOID), + ASN_UNSIGNED, + reinterpret_cast(&querySize), + sizeof(querySize)); + + snmp_varlist_add_variable(&varList, + queryIDOID, + OID_LENGTH(queryIDOID), + ASN_UNSIGNED, + reinterpret_cast(&queryID), + sizeof(queryID)); + + snmp_varlist_add_variable(&varList, + qNameOID, + OID_LENGTH(qNameOID), + ASN_OCTET_STR, + qname.c_str(), + qname.size()); + + snmp_varlist_add_variable(&varList, + qClassOID, + OID_LENGTH(qClassOID), + ASN_UNSIGNED, + reinterpret_cast(&qClass), + sizeof(qClass)); + + snmp_varlist_add_variable(&varList, + qTypeOID, + OID_LENGTH(qTypeOID), + ASN_UNSIGNED, + reinterpret_cast(&qType), + sizeof(qType)); + + snmp_varlist_add_variable(&varList, + trapReasonOID, + OID_LENGTH(trapReasonOID), + ASN_OCTET_STR, + reason.c_str(), + reason.size()); + + return sendTrap(d_trapPipe[1], varList); +#else + return true; +#endif /* HAVE_NET_SNMP */ +} + +DNSDistSNMPAgent::DNSDistSNMPAgent(const std::string& name, const std::string& daemonSocket): SNMPAgent(name, daemonSocket) +{ +#ifdef HAVE_NET_SNMP + + registerCounter64Stat("queries", queriesOID, OID_LENGTH(queriesOID), &g_stats.queries); + registerCounter64Stat("responses", responsesOID, OID_LENGTH(responsesOID), &g_stats.responses); + registerCounter64Stat("servfailResponses", servfailResponsesOID, OID_LENGTH(servfailResponsesOID), &g_stats.servfailResponses); + registerCounter64Stat("aclDrops", aclDropsOID, OID_LENGTH(aclDropsOID), &g_stats.aclDrops); + registerCounter64Stat("ruleDrop", ruleDropOID, OID_LENGTH(ruleDropOID), &g_stats.ruleDrop); + registerCounter64Stat("ruleNXDomain", ruleNXDomainOID, OID_LENGTH(ruleNXDomainOID), &g_stats.ruleNXDomain); + registerCounter64Stat("ruleRefused", ruleRefusedOID, OID_LENGTH(ruleRefusedOID), &g_stats.ruleRefused); + registerCounter64Stat("ruleServFail", ruleServFailOID, OID_LENGTH(ruleServFailOID), &g_stats.ruleServFail); + registerCounter64Stat("ruleTruncated", ruleTruncatedOID, OID_LENGTH(ruleTruncatedOID), &g_stats.ruleTruncated); + registerCounter64Stat("selfAnswered", selfAnsweredOID, OID_LENGTH(selfAnsweredOID), &g_stats.selfAnswered); + registerCounter64Stat("downstreamTimeouts", downstreamTimeoutsOID, OID_LENGTH(downstreamTimeoutsOID), &g_stats.downstreamTimeouts); + registerCounter64Stat("downstreamSendErrors", downstreamSendErrorsOID, OID_LENGTH(downstreamSendErrorsOID), &g_stats.downstreamSendErrors); + registerCounter64Stat("truncFail", truncFailOID, OID_LENGTH(truncFailOID), &g_stats.truncFail); + registerCounter64Stat("noPolicy", noPolicyOID, OID_LENGTH(noPolicyOID), &g_stats.noPolicy); + registerCounter64Stat("latency0_1", latency0_1OID, OID_LENGTH(latency0_1OID), &g_stats.latency0_1); + registerCounter64Stat("latency1_10", latency1_10OID, OID_LENGTH(latency1_10OID), &g_stats.latency1_10); + registerCounter64Stat("latency10_50", latency10_50OID, OID_LENGTH(latency10_50OID), &g_stats.latency10_50); + registerCounter64Stat("latency50_100", latency50_100OID, OID_LENGTH(latency50_100OID), &g_stats.latency50_100); + registerCounter64Stat("latency100_1000", latency100_1000OID, OID_LENGTH(latency100_1000OID), &g_stats.latency100_1000); + registerCounter64Stat("latencySlow", latencySlowOID, OID_LENGTH(latencySlowOID), &g_stats.latencySlow); + registerCounter64Stat("nonCompliantQueries", nonCompliantQueriesOID, OID_LENGTH(nonCompliantQueriesOID), &g_stats.nonCompliantQueries); + registerCounter64Stat("nonCompliantResponses", nonCompliantResponsesOID, OID_LENGTH(nonCompliantResponsesOID), &g_stats.nonCompliantResponses); + registerCounter64Stat("rdQueries", rdQueriesOID, OID_LENGTH(rdQueriesOID), &g_stats.rdQueries); + registerCounter64Stat("emptyQueries", emptyQueriesOID, OID_LENGTH(emptyQueriesOID), &g_stats.emptyQueries); + registerCounter64Stat("cacheHits", cacheHitsOID, OID_LENGTH(cacheHitsOID), &g_stats.cacheHits); + registerCounter64Stat("cacheMisses", cacheMissesOID, OID_LENGTH(cacheMissesOID), &g_stats.cacheMisses); + registerCounter64Stat("dynBlocked", dynBlockedOID, OID_LENGTH(dynBlockedOID), &g_stats.dynBlocked); + registerFloatStat("latencyAvg100", latencyAvg100OID, OID_LENGTH(latencyAvg100OID), &g_stats.latencyAvg100); + registerFloatStat("latencyAvg1000", latencyAvg1000OID, OID_LENGTH(latencyAvg1000OID), &g_stats.latencyAvg1000); + registerFloatStat("latencyAvg10000", latencyAvg10000OID, OID_LENGTH(latencyAvg10000OID), &g_stats.latencyAvg10000); + registerFloatStat("latencyAvg1000000", latencyAvg1000000OID, OID_LENGTH(latencyAvg1000000OID), &g_stats.latencyAvg1000000); + registerGauge64Stat("uptime", uptimeOID, OID_LENGTH(uptimeOID), &uptimeOfProcess); + registerGauge64Stat("specialMemoryUsage", specialMemoryUsageOID, OID_LENGTH(specialMemoryUsageOID), &getSpecialMemoryUsage); + registerGauge64Stat("cpuUserMSec", cpuUserMSecOID, OID_LENGTH(cpuUserMSecOID), &getCPUTimeUser); + registerGauge64Stat("cpuSysMSec", cpuSysMSecOID, OID_LENGTH(cpuSysMSecOID), &getCPUTimeSystem); + registerGauge64Stat("fdUsage", fdUsageOID, OID_LENGTH(fdUsageOID), &getOpenFileDescriptors); + registerGauge64Stat("dynBlockedNMGSize", dynBlockedNMGSizeOID, OID_LENGTH(dynBlockedNMGSizeOID), [](const std::string&) { return g_dynblockNMG.getLocal()->size(); }); + registerGauge64Stat("securityStatus", securityStatusOID, OID_LENGTH(securityStatusOID), [](const std::string&) { return g_stats.securityStatus.load(); }); + registerGauge64Stat("realMemoryUsage", realMemoryUsageOID, OID_LENGTH(realMemoryUsageOID), &getRealMemoryUsage); + + + netsnmp_table_registration_info* table_info = SNMP_MALLOC_TYPEDEF(netsnmp_table_registration_info); + netsnmp_table_helper_add_indexes(table_info, + ASN_GAUGE, /* index: backendId */ + 0); + table_info->min_column = COLUMN_BACKENDNAME; + table_info->max_column = COLUMN_BACKENDORDER; + netsnmp_iterator_info* iinfo = SNMP_MALLOC_TYPEDEF(netsnmp_iterator_info); + iinfo->get_first_data_point = backendStatTable_get_first_data_point; + iinfo->get_next_data_point = backendStatTable_get_next_data_point; + iinfo->table_reginfo = table_info; + + netsnmp_register_table_iterator(netsnmp_create_handler_registration("backendStatTable", + backendStatTable_handler, + backendStatTableOID, + OID_LENGTH(backendStatTableOID), + HANDLER_CAN_RONLY), + iinfo); + +#endif /* HAVE_NET_SNMP */ +} diff --git a/dnsdist-snmp.hh b/dnsdist-snmp.hh new file mode 100644 index 0000000..3ccde78 --- /dev/null +++ b/dnsdist-snmp.hh @@ -0,0 +1,37 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "snmp-agent.hh" + +class DNSDistSNMPAgent; + +#include "dnsdist.hh" + +class DNSDistSNMPAgent: public SNMPAgent +{ +public: + DNSDistSNMPAgent(const std::string& name, const std::string& daemonSocket); + bool sendBackendStatusChangeTrap(const std::shared_ptr&); + bool sendCustomTrap(const std::string& reason); + bool sendDNSTrap(const DNSQuestion&, const std::string& reason=""); +}; diff --git a/dnsdist-svc.cc b/dnsdist-svc.cc new file mode 100644 index 0000000..ffd42fd --- /dev/null +++ b/dnsdist-svc.cc @@ -0,0 +1,133 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "dnsdist-svc.hh" +#include "dnswriter.hh" +#include "svc-records.hh" + +bool generateSVCPayload(std::vector& payload, uint16_t priority, const DNSName& target, const std::set& mandatoryParams, const std::vector& alpns, bool noDefaultAlpn, std::optional port, const std::string& ech, const std::vector& ipv4hints, const std::vector& ipv6hints, const std::vector>& additionalParams) +{ + // this is an _ordered_ set and the comparison operator is properly defined, + // so the parameters will be ordered as defined in the RFC + std::set params; + + if (!mandatoryParams.empty()) { + std::set mandatoryKeys; + for (const auto& entry : mandatoryParams) { + mandatoryKeys.insert(static_cast(entry)); + } + params.insert({SvcParam::SvcParamKey::mandatory, std::move(mandatoryKeys)}); + } + + if (!alpns.empty()) { + params.insert({SvcParam::SvcParamKey::alpn, std::vector(alpns)}); + } + + if (noDefaultAlpn) { + params.insert({SvcParam::SvcParamKey::no_default_alpn}); + } + + if (port) { + params.insert({SvcParam::SvcParamKey::port, *port}); + } + + if (!ipv4hints.empty()) { + params.insert({SvcParam::SvcParamKey::ipv4hint, std::vector(ipv4hints)}); + } + + if (!ech.empty()) { + params.insert({SvcParam::SvcParamKey::ech, ech}); + } + + if (!ipv6hints.empty()) { + params.insert({SvcParam::SvcParamKey::ipv6hint, std::vector(ipv6hints)}); + } + + for (const auto& param : additionalParams) { + params.insert({static_cast(param.first), param.second}); + } + + if (priority == 0 && params.size() != 0) { + return false; + } + + payload.clear(); + /* we will remove the header, question and record header parts later */ + DNSPacketWriter pw(payload, g_rootdnsname, QType::A, QClass::IN, 0); + pw.startRecord(g_rootdnsname, QType::A, 60, QClass::IN, DNSResourceRecord::ANSWER, false); + size_t offset = pw.size(); + pw.xfr16BitInt(priority); + pw.xfrName(target, false, true); + pw.xfrSvcParamKeyVals(params); + pw.commit(); + + if (payload.size() <= offset) { + return false; + } + + payload.erase(payload.begin(), payload.begin() + offset); + return true; +} + +bool generateSVCPayload(std::vector& payload, const SVCRecordParameters& parameters) +{ + return generateSVCPayload(payload, parameters.priority, parameters.target, parameters.mandatoryParams, parameters.alpns, parameters.noDefaultAlpn, parameters.port, parameters.ech, parameters.ipv4hints, parameters.ipv6hints, parameters.additionalParams); +} + +struct SVCRecordParameters parseSVCParameters(const svcParamsLua_t& params) +{ + struct SVCRecordParameters parameters; + for (const auto& p : params) { + if (p.first == "mandatory") { + for (auto const& entry : boost::get>>(p.second)) { + parameters.mandatoryParams.insert(SvcParam::keyFromString(entry.second)); + } + } + else if (p.first == "alpn") { + for (auto const& entry : boost::get>>(p.second)) { + parameters.alpns.push_back(entry.second); + } + } + else if (p.first == "noDefaultAlpn") { + parameters.noDefaultAlpn = boost::get(p.second); + } + else if (p.first == "port") { + parameters.port = boost::get(p.second); + } + else if (p.first == "ipv4hint") { + for (auto const& entry : boost::get>>(p.second)) { + parameters.ipv4hints.push_back(ComboAddress(entry.second)); + } + } + else if (p.first == "ech") { + parameters.ech = boost::get(p.second); + } + else if (p.first == "ipv6hint") { + for (auto const& entry : boost::get>>(p.second)) { + parameters.ipv6hints.push_back(ComboAddress(entry.second)); + } + } + else { + parameters.additionalParams.push_back({SvcParam::keyFromString(p.first), boost::get(p.second)}); + } + } + return parameters; +} diff --git a/dnsdist-svc.hh b/dnsdist-svc.hh new file mode 100644 index 0000000..d0a1a8c --- /dev/null +++ b/dnsdist-svc.hh @@ -0,0 +1,66 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include +#include +#include +#include +#include + +#include "dnsname.hh" +#include "iputils.hh" + +struct SVCRecordParameters +{ + SVCRecordParameters() + { + } + + std::set mandatoryParams; + std::vector alpns; + std::vector ipv4hints; + std::vector ipv6hints; + std::vector> additionalParams; + std::string ech; + DNSName target; + std::optional port{std::nullopt}; + uint16_t priority{0}; + bool noDefaultAlpn{false}; +}; + +typedef std::unordered_map< + std::string, + boost::variant< + uint16_t, + bool, + std::string, + std::vector>, + std::vector>>> + svcParamsLua_t; + +struct SVCRecordParameters parseSVCParameters(const svcParamsLua_t& params); + +bool generateSVCPayload(std::vector& payload, uint16_t priority, const DNSName& target, const std::set& mandatoryParams, const std::vector& alpns, bool noDefaultAlpn, std::optional port, const std::string& ech, const std::vector& ipv4hints, const std::vector& ipv6hints, const std::vector>& additionalParams); + +bool generateSVCPayload(std::vector& payload, const SVCRecordParameters& parameters); diff --git a/dnsdist-systemd.cc b/dnsdist-systemd.cc new file mode 100644 index 0000000..6f9f890 --- /dev/null +++ b/dnsdist-systemd.cc @@ -0,0 +1,35 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#include "config.h" +#include "dnsdist-systemd.hh" +#include + +bool running_in_service_mgr() { +#ifdef HAVE_SYSTEMD + char *c; + c = getenv("NOTIFY_SOCKET"); // XXX Ideally we'd check for INVOCATION_ID (systemd.exec(5)), but that was introduced in systemd 232, and Debian Jessie has 215 + if (c != nullptr) { + return true; + } +#endif + return false; +} diff --git a/dnsdist-systemd.hh b/dnsdist-systemd.hh new file mode 100644 index 0000000..046905c --- /dev/null +++ b/dnsdist-systemd.hh @@ -0,0 +1,24 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +bool running_in_service_mgr(); diff --git a/dnsdist-tcp-downstream.cc b/dnsdist-tcp-downstream.cc new file mode 100644 index 0000000..9b83cad --- /dev/null +++ b/dnsdist-tcp-downstream.cc @@ -0,0 +1,778 @@ + +#include "dnsdist-session-cache.hh" +#include "dnsdist-tcp-downstream.hh" +#include "dnsdist-tcp-upstream.hh" + +#include "dnsparser.hh" + +thread_local DownstreamTCPConnectionsManager t_downstreamTCPConnectionsManager; + +ConnectionToBackend::~ConnectionToBackend() +{ + if (d_ds && d_handler) { + --d_ds->tcpCurrentConnections; + struct timeval now; + gettimeofday(&now, nullptr); + + if (d_handler->isTLS()) { + if (d_handler->hasTLSSessionBeenResumed()) { + ++d_ds->tlsResumptions; + } + try { + auto sessions = d_handler->getTLSSessions(); + if (!sessions.empty()) { + g_sessionCache.putSessions(d_ds->getID(), now.tv_sec, std::move(sessions)); + } + } + catch (const std::exception& e) { + vinfolog("Unable to get a TLS session: %s", e.what()); + } + } + auto diff = now - d_connectionStartTime; + // cerr<<"connection to backend terminated after "<updateTCPMetrics(d_queries, diff.tv_sec * 1000 + diff.tv_usec / 1000); + } +} + +bool ConnectionToBackend::reconnect() +{ + std::unique_ptr tlsSession{nullptr}; + if (d_handler) { + DEBUGLOG("closing socket "<getDescriptor()); + if (d_handler->isTLS()) { + if (d_handler->hasTLSSessionBeenResumed()) { + ++d_ds->tlsResumptions; + } + try { + auto sessions = d_handler->getTLSSessions(); + if (!sessions.empty()) { + tlsSession = std::move(sessions.back()); + sessions.pop_back(); + if (!sessions.empty()) { + g_sessionCache.putSessions(d_ds->getID(), time(nullptr), std::move(sessions)); + } + } + } + catch (const std::exception& e) { + vinfolog("Unable to get a TLS session to resume: %s", e.what()); + } + } + d_handler->close(); + d_ioState.reset(); + d_handler.reset(); + --d_ds->tcpCurrentConnections; + } + + d_fresh = true; + d_highestStreamID = 0; + d_proxyProtocolPayloadSent = false; + + do { + vinfolog("TCP connecting to downstream %s (%d)", d_ds->getNameWithAddr(), d_downstreamFailures); + DEBUGLOG("Opening TCP connection to backend "<getNameWithAddr()); + ++d_ds->tcpNewConnections; + try { + auto socket = std::make_unique(d_ds->remote.sin4.sin_family, SOCK_STREAM, 0); + DEBUGLOG("result of socket() is "<getHandle()); + + if (!IsAnyAddress(d_ds->sourceAddr)) { + SSetsockopt(socket->getHandle(), SOL_SOCKET, SO_REUSEADDR, 1); +#ifdef IP_BIND_ADDRESS_NO_PORT + if (d_ds->ipBindAddrNoPort) { + SSetsockopt(socket->getHandle(), SOL_IP, IP_BIND_ADDRESS_NO_PORT, 1); + } +#endif +#ifdef SO_BINDTODEVICE + if (!d_ds->sourceItfName.empty()) { + int res = setsockopt(socket->getHandle(), SOL_SOCKET, SO_BINDTODEVICE, d_ds->sourceItfName.c_str(), d_ds->sourceItfName.length()); + if (res != 0) { + vinfolog("Error setting up the interface on backend TCP socket '%s': %s", d_ds->getNameWithAddr(), stringerror()); + } + } +#endif + socket->bind(d_ds->sourceAddr, false); + } + socket->setNonBlocking(); + + gettimeofday(&d_connectionStartTime, nullptr); + auto handler = std::make_unique(d_ds->d_tlsSubjectName, socket->releaseHandle(), timeval{0,0}, d_ds->d_tlsCtx, d_connectionStartTime.tv_sec); + if (!tlsSession && d_ds->d_tlsCtx) { + tlsSession = g_sessionCache.getSession(d_ds->getID(), d_connectionStartTime.tv_sec); + } + if (tlsSession) { + handler->setTLSSession(tlsSession); + } + handler->tryConnect(d_ds->tcpFastOpen && isFastOpenEnabled(), d_ds->remote); + d_queries = 0; + + d_handler = std::move(handler); + d_ds->incCurrentConnectionsCount(); + return true; + } + catch (const std::runtime_error& e) { + vinfolog("Connection to downstream server %s failed: %s", d_ds->getName(), e.what()); + d_downstreamFailures++; + if (d_downstreamFailures >= d_ds->d_retries) { + throw; + } + } + } + while (d_downstreamFailures < d_ds->d_retries); + + return false; +} + +TCPConnectionToBackend::~TCPConnectionToBackend() +{ + if (d_ds && !d_pendingResponses.empty()) { + d_ds->outstanding -= d_pendingResponses.size(); + } +} + +void TCPConnectionToBackend::release() +{ + d_ds->outstanding -= d_pendingResponses.size(); + + d_pendingResponses.clear(); + d_pendingQueries.clear(); + + if (d_ioState) { + d_ioState.reset(); + } +} + +static void editPayloadID(PacketBuffer& payload, uint16_t newId, size_t proxyProtocolPayloadSize, bool sizePrepended) +{ + /* we cannot do a direct cast as the alignment might be off (the size of the payload might have been prepended, which is bad enough, + but we might also have a proxy protocol payload */ + size_t startOfHeaderOffset = (sizePrepended ? sizeof(uint16_t) : 0) + proxyProtocolPayloadSize; + if (payload.size() < startOfHeaderOffset + sizeof(dnsheader)) { + throw std::runtime_error("Invalid buffer for outgoing TCP query (size " + std::to_string(payload.size())); + } + uint16_t id = htons(newId); + memcpy(&payload.at(startOfHeaderOffset), &id, sizeof(id)); +} + +enum class QueryState : uint8_t { + hasSizePrepended, + noSize +}; + +enum class ConnectionState : uint8_t { + needProxy, + proxySent +}; + +static void prepareQueryForSending(TCPQuery& query, uint16_t id, QueryState queryState, ConnectionState connectionState) +{ + if (connectionState == ConnectionState::needProxy) { + if (query.d_proxyProtocolPayload.size() > 0 && !query.d_proxyProtocolPayloadAdded) { + query.d_buffer.insert(query.d_buffer.begin(), query.d_proxyProtocolPayload.begin(), query.d_proxyProtocolPayload.end()); + query.d_proxyProtocolPayloadAdded = true; + query.d_proxyProtocolPayloadAddedSize = query.d_proxyProtocolPayload.size(); + } + } + else if (connectionState == ConnectionState::proxySent) { + if (query.d_proxyProtocolPayloadAdded) { + if (query.d_buffer.size() < query.d_proxyProtocolPayloadAddedSize) { + throw std::runtime_error("Trying to remove a proxy protocol payload of size " + std::to_string(query.d_proxyProtocolPayload.size()) + " from a buffer of size " + std::to_string(query.d_buffer.size())); + } + query.d_buffer.erase(query.d_buffer.begin(), query.d_buffer.begin() + query.d_proxyProtocolPayloadAddedSize); + query.d_proxyProtocolPayloadAdded = false; + query.d_proxyProtocolPayloadAddedSize = 0; + } + } + editPayloadID(query.d_buffer, id, query.d_proxyProtocolPayloadAdded ? query.d_proxyProtocolPayloadAddedSize : 0, true); +} + +IOState TCPConnectionToBackend::queueNextQuery(std::shared_ptr& conn) +{ + conn->d_currentQuery = std::move(conn->d_pendingQueries.front()); + + uint16_t id = conn->d_highestStreamID; + prepareQueryForSending(conn->d_currentQuery.d_query, id, QueryState::hasSizePrepended, conn->needProxyProtocolPayload() ? ConnectionState::needProxy : ConnectionState::proxySent); + + conn->d_pendingQueries.pop_front(); + conn->d_state = State::sendingQueryToBackend; + conn->d_currentPos = 0; + + return IOState::NeedWrite; +} + +IOState TCPConnectionToBackend::sendQuery(std::shared_ptr& conn, const struct timeval& now) +{ + DEBUGLOG("sending query to backend "<getDS()->getName()<<" over FD "<d_handler->getDescriptor()); + + IOState state = conn->d_handler->tryWrite(conn->d_currentQuery.d_query.d_buffer, conn->d_currentPos, conn->d_currentQuery.d_query.d_buffer.size()); + + if (state != IOState::Done) { + return state; + } + + DEBUGLOG("query sent to backend"); + /* request sent ! */ + if (conn->d_currentQuery.d_query.d_proxyProtocolPayloadAdded) { + conn->d_proxyProtocolPayloadSent = true; + } + ++conn->d_queries; + conn->d_currentPos = 0; + + DEBUGLOG("adding a pending response for ID "<d_highestStreamID<<" and QNAME "<d_currentQuery.d_query.d_idstate.qname); + auto res = conn->d_pendingResponses.insert({conn->d_highestStreamID, std::move(conn->d_currentQuery)}); + /* if there was already a pending response with that ID, we messed up and we don't expect more + than one response */ + if (res.second) { + ++conn->d_ds->outstanding; + } + ++conn->d_highestStreamID; + conn->d_currentQuery.d_sender.reset(); + conn->d_currentQuery.d_query.d_buffer.clear(); + + return state; +} + +void TCPConnectionToBackend::handleIO(std::shared_ptr& conn, const struct timeval& now) +{ + if (conn->d_handler == nullptr) { + throw std::runtime_error("No downstream socket in " + std::string(__PRETTY_FUNCTION__) + "!"); + } + + bool connectionDied = false; + IOState iostate = IOState::Done; + IOStateGuard ioGuard(conn->d_ioState); + bool reconnected = false; + + do { + reconnected = false; + + try { + if (conn->d_state == State::sendingQueryToBackend) { + iostate = sendQuery(conn, now); + + while (iostate == IOState::Done && !conn->d_pendingQueries.empty()) { + queueNextQuery(conn); + iostate = sendQuery(conn, now); + } + + if (iostate == IOState::Done && conn->d_pendingQueries.empty()) { + conn->d_state = State::waitingForResponseFromBackend; + conn->d_currentPos = 0; + conn->d_responseBuffer.resize(sizeof(uint16_t)); + iostate = IOState::NeedRead; + } + } + + if (conn->d_state == State::waitingForResponseFromBackend || + conn->d_state == State::readingResponseSizeFromBackend) { + DEBUGLOG("reading response size from backend"); + // then we need to allocate a new buffer (new because we might need to re-send the query if the + // backend dies on us) + // We also might need to read and send to the client more than one response in case of XFR (yeah!) + conn->d_responseBuffer.resize(sizeof(uint16_t)); + iostate = conn->d_handler->tryRead(conn->d_responseBuffer, conn->d_currentPos, sizeof(uint16_t)); + if (iostate == IOState::Done) { + DEBUGLOG("got response size from backend"); + conn->d_state = State::readingResponseFromBackend; + conn->d_responseSize = conn->d_responseBuffer.at(0) * 256 + conn->d_responseBuffer.at(1); + conn->d_responseBuffer.reserve(conn->d_responseSize + /* we will need to prepend the size later */ 2); + conn->d_responseBuffer.resize(conn->d_responseSize); + conn->d_currentPos = 0; + conn->d_lastDataReceivedTime = now; + } + else if (conn->d_state == State::waitingForResponseFromBackend && conn->d_currentPos > 0) { + conn->d_state = State::readingResponseSizeFromBackend; + } + } + + if (conn->d_state == State::readingResponseFromBackend) { + DEBUGLOG("reading response from backend"); + iostate = conn->d_handler->tryRead(conn->d_responseBuffer, conn->d_currentPos, conn->d_responseSize); + if (iostate == IOState::Done) { + DEBUGLOG("got response from backend"); + try { + conn->d_lastDataReceivedTime = now; + iostate = conn->handleResponse(conn, now); + } + catch (const std::exception& e) { + vinfolog("Got an exception while handling TCP response from %s (client is %s): %s", conn->d_ds ? conn->d_ds->getName() : "unknown", conn->d_currentQuery.d_query.d_idstate.origRemote.toStringWithPort(), e.what()); + ioGuard.release(); + conn->release(); + return; + } + } + } + + if (conn->d_state != State::idle && + conn->d_state != State::sendingQueryToBackend && + conn->d_state != State::waitingForResponseFromBackend && + conn->d_state != State::readingResponseSizeFromBackend && + conn->d_state != State::readingResponseFromBackend) { + vinfolog("Unexpected state %d in TCPConnectionToBackend::handleIO", static_cast(conn->d_state)); + } + } + catch (const std::exception& e) { + /* most likely an EOF because the other end closed the connection, + but it might also be a real IO error or something else. + Let's just drop the connection + */ + vinfolog("Got an exception while handling (%s backend) TCP query from %s: %s", (conn->d_state == State::sendingQueryToBackend ? "writing to" : "reading from"), conn->d_currentQuery.d_query.d_idstate.origRemote.toStringWithPort(), e.what()); + + if (conn->d_state == State::sendingQueryToBackend) { + ++conn->d_ds->tcpDiedSendingQuery; + } + else if (conn->d_state != State::idle) { + ++conn->d_ds->tcpDiedReadingResponse; + } + + /* don't increase this counter when reusing connections */ + if (conn->d_fresh) { + ++conn->d_downstreamFailures; + } + + /* remove this FD from the IO multiplexer */ + iostate = IOState::Done; + connectionDied = true; + } + + if (connectionDied) { + + DEBUGLOG("connection died, number of failures is "<d_downstreamFailures<<", retries is "<d_ds->d_retries); + + if (conn->d_downstreamFailures < conn->d_ds->d_retries) { + + conn->d_ioState.reset(); + ioGuard.release(); + + try { + if (conn->reconnect()) { + conn->d_ioState = make_unique(*conn->d_mplexer, conn->d_handler->getDescriptor()); + + /* we need to resend the queries that were in flight, if any */ + if (conn->d_state == State::sendingQueryToBackend) { + /* we need to edit this query so it has the correct ID */ + auto query = std::move(conn->d_currentQuery); + uint16_t id = conn->d_highestStreamID; + prepareQueryForSending(query.d_query, id, QueryState::hasSizePrepended, ConnectionState::needProxy); + conn->d_currentQuery = std::move(query); + } + + /* if we notify the sender it might terminate us so we need to move these first */ + auto pendingResponses = std::move(conn->d_pendingResponses); + conn->d_pendingResponses.clear(); + for (auto& pending : pendingResponses) { + --conn->d_ds->outstanding; + + if (pending.second.d_query.isXFR() && pending.second.d_query.d_xfrStarted) { + /* this one can't be restarted, sorry */ + DEBUGLOG("A XFR for which a response has already been sent cannot be restarted"); + try { + pending.second.d_sender->notifyIOError(std::move(pending.second.d_query.d_idstate), now); + } + catch (const std::exception& e) { + vinfolog("Got an exception while notifying: %s", e.what()); + } + catch (...) { + vinfolog("Got exception while notifying"); + } + } + else { + conn->d_pendingQueries.push_back(std::move(pending.second)); + } + } + conn->d_currentPos = 0; + + if (conn->d_state == State::sendingQueryToBackend) { + iostate = IOState::NeedWrite; + // resume sending query + } + else { + if (conn->d_pendingQueries.empty()) { + throw std::runtime_error("TCP connection to a backend in state " + std::to_string((int)conn->d_state) + " with no pending queries"); + } + + iostate = queueNextQuery(conn); + } + + reconnected = true; + connectionDied = false; + } + } + catch (const std::exception& e) { + // reconnect might throw on failure, let's ignore that, we just need to know + // it failed + } + } + + if (!reconnected) { + /* reconnect failed, we give up */ + DEBUGLOG("reconnect failed, we give up"); + ++conn->d_ds->tcpGaveUp; + conn->notifyAllQueriesFailed(now, FailureReason::gaveUp); + } + } + + if (conn->d_ioState) { + if (iostate == IOState::Done) { + conn->d_ioState->update(iostate, handleIOCallback, conn); + } + else { + boost::optional ttd{boost::none}; + if (iostate == IOState::NeedRead) { + ttd = conn->getBackendReadTTD(now); + } + else if (conn->isFresh() && conn->d_queries == 0) { + /* first write just after the non-blocking connect */ + ttd = conn->getBackendConnectTTD(now); + } + else { + ttd = conn->getBackendWriteTTD(now); + } + + conn->d_ioState->update(iostate, handleIOCallback, conn, ttd); + } + } + } + while (reconnected); + + ioGuard.release(); +} + +void TCPConnectionToBackend::handleIOCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto conn = boost::any_cast>(param); + if (fd != conn->getHandle()) { + throw std::runtime_error("Unexpected socket descriptor " + std::to_string(fd) + " received in " + std::string(__PRETTY_FUNCTION__) + ", expected " + std::to_string(conn->getHandle())); + } + + struct timeval now; + gettimeofday(&now, nullptr); + handleIO(conn, now); +} + +void TCPConnectionToBackend::queueQuery(std::shared_ptr& sender, TCPQuery&& query) +{ + if (!d_ioState) { + d_ioState = make_unique(*d_mplexer, d_handler->getDescriptor()); + } + + // if we are not already sending a query or in the middle of reading a response (so idle), + // start sending the query + if (d_state == State::idle || d_state == State::waitingForResponseFromBackend) { + DEBUGLOG("Sending new query to backend right away, with ID "<(shared_from_this()); + handleIO(shared, now); + } + else { + DEBUGLOG("Adding new query to the queue because we are in state "<<(int)d_state); + // store query in the list of queries to send + d_pendingQueries.push_back(PendingRequest({sender, std::move(query)})); + } +} + +void TCPConnectionToBackend::handleTimeout(const struct timeval& now, bool write) +{ + /* in some cases we could retry, here, reconnecting and sending our pending responses again */ + if (write) { + if (isFresh() && d_queries == 0) { + ++d_ds->tcpConnectTimeouts; + vinfolog("Timeout while connecting to TCP backend %s", d_ds->getName()); + } + else { + ++d_ds->tcpWriteTimeouts; + vinfolog("Timeout while writing to TCP backend %s", d_ds->getName()); + } + } + else { + ++d_ds->tcpReadTimeouts; + vinfolog("Timeout while reading from TCP backend %s", d_ds->getName()); + } + + try { + notifyAllQueriesFailed(now, FailureReason::timeout); + } + catch (const std::exception& e) { + vinfolog("Got an exception while notifying a timeout: %s", e.what()); + } + catch (...) { + vinfolog("Got exception while notifying a timeout"); + } + + release(); +} + +void TCPConnectionToBackend::notifyAllQueriesFailed(const struct timeval& now, FailureReason reason) +{ + d_connectionDied = true; + + /* we might be terminated while notifying a query sender */ + d_ds->outstanding -= d_pendingResponses.size(); + auto pendingQueries = std::move(d_pendingQueries); + d_pendingQueries.clear(); + auto pendingResponses = std::move(d_pendingResponses); + d_pendingResponses.clear(); + + auto increaseCounters = [reason](std::shared_ptr& sender) { + if (reason == FailureReason::timeout) { + const ClientState* cs = sender->getClientState(); + if (cs) { + ++cs->tcpDownstreamTimeouts; + } + } + else if (reason == FailureReason::gaveUp) { + const ClientState* cs = sender->getClientState(); + if (cs) { + ++cs->tcpGaveUp; + } + } + }; + + try { + if (d_state == State::sendingQueryToBackend) { + auto sender = d_currentQuery.d_sender; + if (sender->active()) { + increaseCounters(sender); + sender->notifyIOError(std::move(d_currentQuery.d_query.d_idstate), now); + } + } + + for (auto& query : pendingQueries) { + auto sender = query.d_sender; + if (sender->active()) { + increaseCounters(sender); + sender->notifyIOError(std::move(query.d_query.d_idstate), now); + } + } + + for (auto& response : pendingResponses) { + auto sender = response.second.d_sender; + if (sender->active()) { + increaseCounters(sender); + sender->notifyIOError(std::move(response.second.d_query.d_idstate), now); + } + } + } + catch (const std::exception& e) { + vinfolog("Got an exception while notifying: %s", e.what()); + } + catch (...) { + vinfolog("Got exception while notifying"); + } + + release(); +} + +static uint32_t getSerialFromRawSOAContent(const std::vector& raw) +{ + /* minimal size for a SOA record, as defined by rfc1035: + MNAME (root): 1 + RNAME (root): 1 + SERIAL: 4 + REFRESH: 4 + RETRY: 4 + EXPIRE: 4 + MINIMUM: 4 + = 22 bytes + */ + if (raw.size() < 22) { + throw std::runtime_error("Invalid content of size " + std::to_string(raw.size()) + " for a SOA record"); + } + /* As rfc1025 states that "all domain names in the RDATA section of these RRs may be compressed", + and we don't want to parse these names, start at the end */ + uint32_t serial = 0; + memcpy(&serial, &raw.at(raw.size() - 20), sizeof(serial)); + return ntohl(serial); +} + +IOState TCPConnectionToBackend::handleResponse(std::shared_ptr& conn, const struct timeval& now) +{ + d_downstreamFailures = 0; + + uint16_t queryId = 0; + try { + queryId = getQueryIdFromResponse(); + } + catch (const std::exception& e) { + DEBUGLOG("Unable to get query ID"); + notifyAllQueriesFailed(now, FailureReason::unexpectedQueryID); + throw; + } + + auto it = d_pendingResponses.find(queryId); + if (it == d_pendingResponses.end()) { + DEBUGLOG("could not find any corresponding query for ID "<second.d_query.d_idstate.origID), 0, false); + + auto sender = it->second.d_sender; + + if (sender->active() && it->second.d_query.isXFR()) { + DEBUGLOG("XFR!"); + bool done = false; + TCPResponse response; + response.d_buffer = std::move(d_responseBuffer); + response.d_connection = conn; + /* we don't move the whole IDS because we will need for the responses to come */ + response.d_idstate.qtype = it->second.d_query.d_idstate.qtype; + response.d_idstate.qname = it->second.d_query.d_idstate.qname; + DEBUGLOG("passing XFRresponse to client connection for "<second.d_query.d_xfrStarted = true; + done = isXFRFinished(response, it->second.d_query); + + if (done) { + d_pendingResponses.erase(it); + --conn->d_ds->outstanding; + /* marking as idle for now, so we can accept new queries if our queues are empty */ + if (d_pendingQueries.empty() && d_pendingResponses.empty()) { + t_downstreamTCPConnectionsManager.moveToIdle(conn); + d_state = State::idle; + } + } + + sender->handleXFRResponse(now, std::move(response)); + if (done) { + t_downstreamTCPConnectionsManager.moveToIdle(conn); + d_state = State::idle; + return IOState::Done; + } + + d_state = State::waitingForResponseFromBackend; + d_currentPos = 0; + d_responseBuffer.resize(sizeof(uint16_t)); + // get ready to read the next packet, if any + return IOState::NeedRead; + } + + --conn->d_ds->outstanding; + auto ids = std::move(it->second.d_query.d_idstate); + d_pendingResponses.erase(it); + /* marking as idle for now, so we can accept new queries if our queues are empty */ + if (d_pendingQueries.empty() && d_pendingResponses.empty()) { + t_downstreamTCPConnectionsManager.moveToIdle(conn); + d_state = State::idle; + } + + auto shared = conn; + if (sender->active()) { + DEBUGLOG("passing response to client connection for "<handleResponse(now, TCPResponse(std::move(d_responseBuffer), std::move(ids), conn)); + } + + if (!d_pendingQueries.empty()) { + DEBUGLOG("still have some queries to send"); + return queueNextQuery(shared); + } + else if (!d_pendingResponses.empty()) { + DEBUGLOG("still have some responses to read"); + d_state = State::waitingForResponseFromBackend; + d_currentPos = 0; + d_responseBuffer.resize(sizeof(uint16_t)); + return IOState::NeedRead; + } + else { + DEBUGLOG("nothing to do, waiting for a new query"); + t_downstreamTCPConnectionsManager.moveToIdle(conn); + d_state = State::idle; + return IOState::Done; + } +} + +uint16_t TCPConnectionToBackend::getQueryIdFromResponse() const +{ + if (d_responseBuffer.size() < sizeof(dnsheader)) { + throw std::runtime_error("Unable to get query ID in a too small (" + std::to_string(d_responseBuffer.size()) + ") response from " + d_ds->getNameWithAddr()); + } + + uint16_t id; + memcpy(&id, &d_responseBuffer.at(0), sizeof(id)); + return ntohs(id); +} + +void TCPConnectionToBackend::setProxyProtocolValuesSent(std::unique_ptr>&& proxyProtocolValuesSent) +{ + /* if we already have some values, we have already verified they match */ + if (!d_proxyProtocolValuesSent) { + d_proxyProtocolValuesSent = std::move(proxyProtocolValuesSent); + } +} + +bool TCPConnectionToBackend::matchesTLVs(const std::unique_ptr>& tlvs) const +{ + if (tlvs == nullptr) { + if (d_proxyProtocolValuesSent == nullptr) { + return true; + } + else { + return false; + } + } + + if (d_proxyProtocolValuesSent == nullptr) { + return false; + } + + return *tlvs == *d_proxyProtocolValuesSent; +} + +bool TCPConnectionToBackend::isXFRFinished(const TCPResponse& response, TCPQuery& query) +{ + bool done = false; + try { + MOADNSParser parser(true, reinterpret_cast(response.d_buffer.data()), response.d_buffer.size()); + if (parser.d_header.rcode != 0U) { + done = true; + } + else { + for (const auto& record : parser.d_answers) { + if (record.first.d_class != QClass::IN || record.first.d_type != QType::SOA) { + continue; + } + + auto unknownContent = getRR(record.first); + if (!unknownContent) { + continue; + } + auto raw = unknownContent->getRawContent(); + auto serial = getSerialFromRawSOAContent(raw); + ++query.d_xfrSerialCount; + if (query.d_xfrMasterSerial == 0) { + // store the first SOA in our client's connection metadata + ++query.d_xfrMasterSerialCount; + query.d_xfrMasterSerial = serial; + } + else if (query.d_xfrMasterSerial == serial) { + ++query.d_xfrMasterSerialCount; + // figure out if it's end when receiving master's SOA again + if (query.d_xfrSerialCount == 2) { + // if there are only two SOA records marks a finished AXFR + done = true; + } + if (query.d_xfrMasterSerialCount == 3) { + // receiving master's SOA 3 times marks a finished IXFR + done = true; + } + } + } + } + } + catch (const MOADNSException& e) { + DEBUGLOG("Exception when parsing TCPResponse to DNS: " << e.what()); + /* ponder what to do here, shall we close the connection? */ + } + return done; +} diff --git a/dnsdist-tcp-downstream.hh b/dnsdist-tcp-downstream.hh new file mode 100644 index 0000000..547d266 --- /dev/null +++ b/dnsdist-tcp-downstream.hh @@ -0,0 +1,590 @@ +#pragma once + +#include + +#include "sstuff.hh" +#include "tcpiohandler-mplexer.hh" +#include "dnsdist.hh" +#include "dnsdist-tcp.hh" + +class ConnectionToBackend : public std::enable_shared_from_this +{ +public: + ConnectionToBackend(const std::shared_ptr& ds, std::unique_ptr& mplexer, const struct timeval& now): d_connectionStartTime(now), d_lastDataReceivedTime(now), d_ds(ds), d_mplexer(mplexer), d_enableFastOpen(ds->tcpFastOpen) + { + reconnect(); + } + + virtual ~ConnectionToBackend(); + + int getHandle() const + { + if (!d_handler) { + throw std::runtime_error("Attempt to get the socket handle from a non-established TCP connection"); + } + + return d_handler->getDescriptor(); + } + + /* whether the underlying socket has been closed under our feet, basically */ + bool isUsable() const + { + if (!d_handler) { + return false; + } + + return d_handler->isUsable(); + } + + const std::shared_ptr& getDS() const + { + return d_ds; + } + + const ComboAddress& getRemote() const + { + return d_ds->remote; + } + + const std::string& getBackendName() const + { + return d_ds->getName(); + } + + bool isFresh() const + { + return d_fresh; + } + + void setReused() + { + d_fresh = false; + } + + void disableFastOpen() + { + d_enableFastOpen = false; + } + + bool isFastOpenEnabled() + { + return d_enableFastOpen; + } + + /* whether a connection can be used now */ + bool canBeReused(bool sameClient = false) const + { + if (d_connectionDied) { + return false; + } + + /* we can't reuse a connection where a proxy protocol payload has been sent, + since: + - it cannot be reused for a different client + - we might have different TLV values for each query + */ + if (d_ds && d_ds->useProxyProtocol == true && !sameClient) { + return false; + } + + if (reachedMaxStreamID()) { + return false; + } + + if (reachedMaxConcurrentQueries()) { + return false; + } + + return true; + } + + /* full now but will become usable later */ + bool willBeReusable(bool sameClient) const + { + if (d_connectionDied || reachedMaxStreamID()) { + return false; + } + + if (d_ds && d_ds->useProxyProtocol == true) { + return sameClient; + } + + return true; + } + + virtual bool reachedMaxStreamID() const = 0; + virtual bool reachedMaxConcurrentQueries() const = 0; + virtual bool isIdle() const = 0; + virtual void release() = 0; + virtual void stopIO() + { + } + + bool matches(const std::shared_ptr& ds) const + { + if (!ds || !d_ds) { + return false; + } + return ds == d_ds; + } + + virtual void queueQuery(std::shared_ptr& sender, TCPQuery&& query) = 0; + virtual void handleTimeout(const struct timeval& now, bool write) = 0; + + struct timeval getLastDataReceivedTime() const + { + return d_lastDataReceivedTime; + } + + virtual std::string toString() const = 0; + +protected: + bool reconnect(); + + boost::optional getBackendHealthCheckTTD(const struct timeval& now) const + { + if (d_ds == nullptr) { + throw std::runtime_error("getBackendReadTTD() without any backend selected"); + } + if (d_ds->checkTimeout == 0) { + return boost::none; + } + + struct timeval res = now; + res.tv_sec += d_ds->checkTimeout / 1000; /* ms to s */ + res.tv_usec += (d_ds->checkTimeout % 1000) / 1000; /* remaining ms to µs */ + + return res; + } + + boost::optional getBackendReadTTD(const struct timeval& now) const + { + if (d_ds == nullptr) { + throw std::runtime_error("getBackendReadTTD() without any backend selected"); + } + if (d_ds->tcpRecvTimeout == 0) { + return boost::none; + } + + struct timeval res = now; + res.tv_sec += d_ds->tcpRecvTimeout; + + return res; + } + + boost::optional getBackendWriteTTD(const struct timeval& now) const + { + if (d_ds == nullptr) { + throw std::runtime_error("getBackendWriteTTD() called without any backend selected"); + } + if (d_ds->tcpSendTimeout == 0) { + return boost::none; + } + + struct timeval res = now; + res.tv_sec += d_ds->tcpSendTimeout; + + return res; + } + + boost::optional getBackendConnectTTD(const struct timeval& now) const + { + if (d_ds == nullptr) { + throw std::runtime_error("getBackendConnectTTD() called without any backend selected"); + } + if (d_ds->tcpConnectTimeout == 0) { + return boost::none; + } + + struct timeval res = now; + res.tv_sec += d_ds->tcpConnectTimeout; + + return res; + } + + struct timeval d_connectionStartTime; + struct timeval d_lastDataReceivedTime; + const std::shared_ptr d_ds{nullptr}; + std::shared_ptr d_sender{nullptr}; + std::unique_ptr& d_mplexer; + std::unique_ptr d_handler{nullptr}; + std::unique_ptr d_ioState{nullptr}; + uint64_t d_queries{0}; + uint32_t d_highestStreamID{0}; + uint16_t d_downstreamFailures{0}; + bool d_proxyProtocolPayloadSent{false}; + bool d_enableFastOpen{false}; + bool d_connectionDied{false}; + bool d_fresh{true}; +}; + +class TCPConnectionToBackend : public ConnectionToBackend +{ +public: + TCPConnectionToBackend(const std::shared_ptr& ds, std::unique_ptr& mplexer, const struct timeval& now, std::string&& /* proxyProtocolPayload*, unused but there to match the HTTP2 connections, so we can use the same templated connections manager class */): ConnectionToBackend(ds, mplexer, now), d_responseBuffer(s_maxPacketCacheEntrySize) + { + } + + virtual ~TCPConnectionToBackend(); + + bool isIdle() const override + { + return d_state == State::idle && d_pendingQueries.size() == 0 && d_pendingResponses.size() == 0; + } + + bool reachedMaxStreamID() const override + { + /* TCP/DoT has only 2^16 usable identifiers, DoH has 2^32 */ + const uint32_t maximumStreamID = std::numeric_limits::max() - 1; + return d_highestStreamID == maximumStreamID; + } + + bool reachedMaxConcurrentQueries() const override + { + const size_t concurrent = d_pendingQueries.size() + d_pendingResponses.size(); + if (concurrent > 0 && concurrent >= d_ds->d_maxInFlightQueriesPerConn) { + return true; + } + return false; + } + bool matchesTLVs(const std::unique_ptr>& tlvs) const; + + void queueQuery(std::shared_ptr& sender, TCPQuery&& query) override; + void handleTimeout(const struct timeval& now, bool write) override; + void release() override; + + std::string toString() const override + { + ostringstream o; + o << "TCP connection to backend "<<(d_ds ? d_ds->getName() : "empty")<<" over FD "<<(d_handler ? std::to_string(d_handler->getDescriptor()) : "no socket")<<", state is "<<(int)d_state<<", io state is "<<(d_ioState ? d_ioState->getState() : "empty")<<", queries count is "<>&& proxyProtocolValuesSent); + +private: + /* waitingForResponseFromBackend is a state where we have not yet started reading the size, + so we can still switch to sending instead */ + enum class State : uint8_t { idle, sendingQueryToBackend, waitingForResponseFromBackend, readingResponseSizeFromBackend, readingResponseFromBackend }; + enum class FailureReason : uint8_t { /* too many attempts */ gaveUp, timeout, unexpectedQueryID }; + + static void handleIO(std::shared_ptr& conn, const struct timeval& now); + static void handleIOCallback(int fd, FDMultiplexer::funcparam_t& param); + static IOState queueNextQuery(std::shared_ptr& conn); + static IOState sendQuery(std::shared_ptr& conn, const struct timeval& now); + static bool isXFRFinished(const TCPResponse& response, TCPQuery& query); + + IOState handleResponse(std::shared_ptr& conn, const struct timeval& now); + uint16_t getQueryIdFromResponse() const; + void notifyAllQueriesFailed(const struct timeval& now, FailureReason reason); + bool needProxyProtocolPayload() const + { + return !d_proxyProtocolPayloadSent && (d_ds && d_ds->useProxyProtocol); + } + + class PendingRequest + { + public: + std::shared_ptr d_sender{nullptr}; + TCPQuery d_query; + }; + + PacketBuffer d_responseBuffer; + std::deque d_pendingQueries; + std::unordered_map d_pendingResponses; + std::unique_ptr> d_proxyProtocolValuesSent{nullptr}; + PendingRequest d_currentQuery; + size_t d_currentPos{0}; + uint16_t d_responseSize{0}; + State d_state{State::idle}; +}; + +template class DownstreamConnectionsManager +{ + struct SequencedTag {}; + struct OrderedTag {}; + + typedef multi_index_container< + std::shared_ptr, + indexed_by < + ordered_unique, + identity> + >, + /* new elements are added to the front of the sequence */ + sequenced > + > + > list_t; + struct ConnectionLists + { + list_t d_actives; + list_t d_idles; + }; + +public: + static void setMaxIdleConnectionsPerDownstream(size_t max) + { + s_maxIdleConnectionsPerDownstream = max; + } + + static void setCleanupInterval(uint16_t interval) + { + s_cleanupInterval = interval; + } + + static void setMaxIdleTime(uint16_t max) + { + s_maxIdleTime = max; + } + + std::shared_ptr getConnectionToDownstream(std::unique_ptr& mplexer, const std::shared_ptr& ds, const struct timeval& now, std::string&& proxyProtocolPayload) + { + struct timeval freshCutOff = now; + freshCutOff.tv_sec -= 1; + + auto backendId = ds->getID(); + + cleanupClosedConnections(now); + + const bool haveProxyProtocol = ds->useProxyProtocol || !proxyProtocolPayload.empty(); + if (!haveProxyProtocol) { + const auto& it = d_downstreamConnections.find(backendId); + if (it != d_downstreamConnections.end()) { + /* first scan idle connections, more recent first */ + auto entry = findUsableConnectionInList(now, freshCutOff, it->second.d_idles, true); + if (entry) { + ++ds->tcpReusedConnections; + it->second.d_actives.insert(entry); + return entry; + } + + /* then scan actives ones, more recent first as well */ + entry = findUsableConnectionInList(now, freshCutOff, it->second.d_actives, false); + if (entry) { + ++ds->tcpReusedConnections; + return entry; + } + } + } + + auto newConnection = std::make_shared(ds, mplexer, now, std::move(proxyProtocolPayload)); + if (!haveProxyProtocol) { + auto& list = d_downstreamConnections[backendId].d_actives; + list.template get().push_front(newConnection); + } + + return newConnection; + } + + void cleanupClosedConnections(const struct timeval& now) + { + if (s_cleanupInterval == 0 || (d_nextCleanup != 0 && d_nextCleanup > now.tv_sec)) { + return; + } + + d_nextCleanup = now.tv_sec + s_cleanupInterval; + + struct timeval freshCutOff = now; + freshCutOff.tv_sec -= 1; + struct timeval idleCutOff = now; + idleCutOff.tv_sec -= s_maxIdleTime; + + for (auto dsIt = d_downstreamConnections.begin(); dsIt != d_downstreamConnections.end(); ) { + cleanUpList(dsIt->second.d_idles, now, freshCutOff, idleCutOff); + cleanUpList(dsIt->second.d_actives, now, freshCutOff, idleCutOff); + + if (dsIt->second.d_idles.empty() && dsIt->second.d_actives.empty()) { + dsIt = d_downstreamConnections.erase(dsIt); + } + else { + ++dsIt; + } + } + } + + size_t clear() + { + size_t count = 0; + for (const auto& downstream : d_downstreamConnections) { + count += downstream.second.d_actives.size(); + for (auto& conn : downstream.second.d_actives) { + conn->stopIO(); + } + count += downstream.second.d_idles.size(); + for (auto& conn : downstream.second.d_idles) { + conn->stopIO(); + } + } + + d_downstreamConnections.clear(); + return count; + } + + size_t count() const + { + return getActiveCount() + getIdleCount(); + } + + size_t getActiveCount() const + { + size_t count = 0; + for (const auto& downstream : d_downstreamConnections) { + count += downstream.second.d_actives.size(); + } + return count; + } + + size_t getIdleCount() const + { + size_t count = 0; + for (const auto& downstream : d_downstreamConnections) { + count += downstream.second.d_idles.size(); + } + return count; + } + + bool removeDownstreamConnection(std::shared_ptr& conn) + { + auto backendIt = d_downstreamConnections.find(conn->getDS()->getID()); + if (backendIt == d_downstreamConnections.end()) { + return false; + } + + /* idle list first */ + { + auto it = backendIt->second.d_idles.find(conn); + if (it != backendIt->second.d_idles.end()) { + backendIt->second.d_idles.erase(it); + return true; + } + } + /* then active */ + { + auto it = backendIt->second.d_actives.find(conn); + if (it != backendIt->second.d_actives.end()) { + backendIt->second.d_actives.erase(it); + return true; + } + } + + return false; + } + + bool moveToIdle(std::shared_ptr& conn) + { + auto backendIt = d_downstreamConnections.find(conn->getDS()->getID()); + if (backendIt == d_downstreamConnections.end()) { + return false; + } + + auto it = backendIt->second.d_actives.find(conn); + if (it == backendIt->second.d_actives.end()) { + return false; + } + + backendIt->second.d_actives.erase(it); + + if (backendIt->second.d_idles.size() >= s_maxIdleConnectionsPerDownstream) { + backendIt->second.d_idles.template get().pop_back(); + } + + backendIt->second.d_idles.template get().push_front(conn); + return true; + } + +protected: + + void cleanUpList(list_t& list, const struct timeval& now, const struct timeval& freshCutOff, const struct timeval& idleCutOff) + { + auto& sidx = list.template get(); + for (auto connIt = sidx.begin(); connIt != sidx.end(); ) { + if (!(*connIt)) { + connIt = sidx.erase(connIt); + continue; + } + + auto& entry = *connIt; + + /* don't bother checking freshly used connections */ + if (freshCutOff < entry->getLastDataReceivedTime()) { + ++connIt; + continue; + } + + if (entry->isIdle() && entry->getLastDataReceivedTime() < idleCutOff) { + /* idle for too long */ + connIt = sidx.erase(connIt); + continue; + } + + if (entry->isUsable()) { + ++connIt; + continue; + } + + connIt = sidx.erase(connIt); + } + } + + std::shared_ptr findUsableConnectionInList(const struct timeval& now, const struct timeval& freshCutOff, list_t& list, bool removeIfFound) + { + auto& sidx = list.template get(); + for (auto listIt = sidx.begin(); listIt != sidx.end(); ) { + if (!(*listIt)) { + listIt = sidx.erase(listIt); + continue; + } + + auto& entry = *listIt; + if (isConnectionUsable(entry, now, freshCutOff)) { + entry->setReused(); + // make a copy since the iterator will be invalidated after erasing + auto result = entry; + if (removeIfFound) { + sidx.erase(listIt); + } + return result; + } + + if (entry->willBeReusable(false)) { + ++listIt; + continue; + } + + /* that connection will not be usable later, no need to keep it in that list */ + listIt = sidx.erase(listIt); + } + + return nullptr; + } + + bool isConnectionUsable(const std::shared_ptr& conn, const struct timeval& now, const struct timeval& freshCutOff) + { + if (!conn->canBeReused()) { + return false; + } + + /* for connections that have not been used very recently, + check whether they have been closed in the meantime */ + if (freshCutOff < conn->getLastDataReceivedTime()) { + /* used recently enough, skip the check */ + return true; + } + + return conn->isUsable(); + } + + static size_t s_maxIdleConnectionsPerDownstream; + static uint16_t s_cleanupInterval; + static uint16_t s_maxIdleTime; + + std::map d_downstreamConnections; + + time_t d_nextCleanup{0}; +}; + +template size_t DownstreamConnectionsManager::s_maxIdleConnectionsPerDownstream{10}; +template uint16_t DownstreamConnectionsManager::s_cleanupInterval{60}; +template uint16_t DownstreamConnectionsManager::s_maxIdleTime{300}; + +using DownstreamTCPConnectionsManager = DownstreamConnectionsManager; +extern thread_local DownstreamTCPConnectionsManager t_downstreamTCPConnectionsManager; diff --git a/dnsdist-tcp-upstream.hh b/dnsdist-tcp-upstream.hh new file mode 100644 index 0000000..9ed8b6b --- /dev/null +++ b/dnsdist-tcp-upstream.hh @@ -0,0 +1,177 @@ +#pragma once + +#include "dolog.hh" +#include "dnsdist-tcp.hh" + +class TCPClientThreadData +{ +public: + TCPClientThreadData(): localRespRuleActions(g_respruleactions.getLocal()), mplexer(std::unique_ptr(FDMultiplexer::getMultiplexerSilent())) + { + } + + LocalHolders holders; + LocalStateHolder > localRespRuleActions; + std::unique_ptr mplexer{nullptr}; + int crossProtocolResponsesPipe{-1}; +}; + +class IncomingTCPConnectionState : public TCPQuerySender, public std::enable_shared_from_this +{ +public: + IncomingTCPConnectionState(ConnectionInfo&& ci, TCPClientThreadData& threadData, const struct timeval& now): d_buffer(s_maxPacketCacheEntrySize), d_ci(std::move(ci)), d_handler(d_ci.fd, timeval{g_tcpRecvTimeout,0}, d_ci.cs->tlsFrontend ? d_ci.cs->tlsFrontend->getContext() : nullptr, now.tv_sec), d_connectionStartTime(now), d_ioState(make_unique(*threadData.mplexer, d_ci.fd)), d_threadData(threadData) + { + d_origDest.reset(); + d_origDest.sin4.sin_family = d_ci.remote.sin4.sin_family; + socklen_t socklen = d_origDest.getSocklen(); + if (getsockname(d_ci.fd, reinterpret_cast(&d_origDest), &socklen)) { + d_origDest = d_ci.cs->local; + } + /* belongs to the handler now */ + d_ci.fd = -1; + d_proxiedDestination = d_origDest; + d_proxiedRemote = d_ci.remote; + + /* we manage the release of the downstream connection ourselves */ + d_releaseConnection = false; + } + + IncomingTCPConnectionState(const IncomingTCPConnectionState& rhs) = delete; + IncomingTCPConnectionState& operator=(const IncomingTCPConnectionState& rhs) = delete; + + ~IncomingTCPConnectionState(); + + void resetForNewQuery(); + + boost::optional getClientReadTTD(struct timeval now) const + { + if (g_maxTCPConnectionDuration == 0 && g_tcpRecvTimeout == 0) { + return boost::none; + } + + if (g_maxTCPConnectionDuration > 0) { + auto elapsed = now.tv_sec - d_connectionStartTime.tv_sec; + if (elapsed < 0 || (static_cast(elapsed) >= g_maxTCPConnectionDuration)) { + return now; + } + auto remaining = g_maxTCPConnectionDuration - elapsed; + if (g_tcpRecvTimeout == 0 || remaining <= static_cast(g_tcpRecvTimeout)) { + now.tv_sec += remaining; + return now; + } + } + + now.tv_sec += g_tcpRecvTimeout; + return now; + } + + boost::optional getClientWriteTTD(const struct timeval& now) const + { + if (g_maxTCPConnectionDuration == 0 && g_tcpSendTimeout == 0) { + return boost::none; + } + + struct timeval res = now; + + if (g_maxTCPConnectionDuration > 0) { + auto elapsed = res.tv_sec - d_connectionStartTime.tv_sec; + if (elapsed < 0 || static_cast(elapsed) >= g_maxTCPConnectionDuration) { + return res; + } + auto remaining = g_maxTCPConnectionDuration - elapsed; + if (g_tcpSendTimeout == 0 || remaining <= static_cast(g_tcpSendTimeout)) { + res.tv_sec += remaining; + return res; + } + } + + res.tv_sec += g_tcpSendTimeout; + return res; + } + + bool maxConnectionDurationReached(unsigned int maxConnectionDuration, const struct timeval& now) + { + if (maxConnectionDuration) { + time_t curtime = now.tv_sec; + unsigned int elapsed = 0; + if (curtime > d_connectionStartTime.tv_sec) { // To prevent issues when time goes backward + elapsed = curtime - d_connectionStartTime.tv_sec; + } + if (elapsed >= maxConnectionDuration) { + return true; + } + } + + return false; + } + + std::shared_ptr getOwnedDownstreamConnection(const std::shared_ptr& ds, const std::unique_ptr>& tlvs); + std::shared_ptr getDownstreamConnection(std::shared_ptr& ds, const std::unique_ptr>& tlvs, const struct timeval& now); + void registerOwnedDownstreamConnection(std::shared_ptr& conn); + + static size_t clearAllDownstreamConnections(); + + static void handleIO(std::shared_ptr& conn, const struct timeval& now); + static void handleIOCallback(int fd, FDMultiplexer::funcparam_t& param); + + static IOState sendResponse(std::shared_ptr& state, const struct timeval& now, TCPResponse&& response); + static void queueResponse(std::shared_ptr& state, const struct timeval& now, TCPResponse&& response); +static void handleTimeout(std::shared_ptr& state, bool write); + + /* we take a copy of a shared pointer, not a reference, because the initial shared pointer might be released during the handling of the response */ + void handleResponse(const struct timeval& now, TCPResponse&& response) override; + void handleXFRResponse(const struct timeval& now, TCPResponse&& response) override; + void notifyIOError(IDState&& query, const struct timeval& now) override; + + void terminateClientConnection(); + void queueQuery(TCPQuery&& query); + + bool canAcceptNewQueries(const struct timeval& now); + + bool active() const override + { + return d_ioState != nullptr; + } + + const ClientState* getClientState() const override + { + return d_ci.cs; + } + + std::string toString() const + { + ostringstream o; + o << "Incoming TCP connection from "<getState() : "empty")<<", queries count is "<, std::deque>> d_ownedConnectionsToBackend; + std::deque d_queuedResponses; + PacketBuffer d_buffer; + ConnectionInfo d_ci; + ComboAddress d_origDest; + ComboAddress d_proxiedRemote; + ComboAddress d_proxiedDestination; + TCPIOHandler d_handler; + struct timeval d_connectionStartTime; + struct timeval d_handshakeDoneTime; + struct timeval d_firstQuerySizeReadTime; + struct timeval d_querySizeReadTime; + struct timeval d_queryReadTime; + std::unique_ptr d_ioState{nullptr}; + std::unique_ptr> d_proxyProtocolValues{nullptr}; + TCPClientThreadData& d_threadData; + size_t d_currentPos{0}; + size_t d_proxyProtocolNeed{0}; + size_t d_queriesCount{0}; + size_t d_currentQueriesCount{0}; + uint16_t d_querySize{0}; + State d_state{State::doingHandshake}; + bool d_isXFR{false}; + bool d_proxyProtocolPayloadHasTLV{false}; + bool d_lastIOBlocked{false}; + bool d_hadErrors{false}; +}; diff --git a/dnsdist-tcp.cc b/dnsdist-tcp.cc new file mode 100644 index 0000000..adeedb4 --- /dev/null +++ b/dnsdist-tcp.cc @@ -0,0 +1,1382 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include + +#include "dnsdist.hh" +#include "dnsdist-ecs.hh" +#include "dnsdist-proxy-protocol.hh" +#include "dnsdist-rings.hh" +#include "dnsdist-tcp.hh" +#include "dnsdist-tcp-downstream.hh" +#include "dnsdist-tcp-upstream.hh" +#include "dnsdist-xpf.hh" +#include "dnsparser.hh" +#include "dolog.hh" +#include "gettime.hh" +#include "lock.hh" +#include "sstuff.hh" +#include "tcpiohandler.hh" +#include "tcpiohandler-mplexer.hh" +#include "threadname.hh" + +/* TCP: the grand design. + We forward 'messages' between clients and downstream servers. Messages are 65k bytes large, tops. + An answer might theoretically consist of multiple messages (for example, in the case of AXFR), initially + we will not go there. + + In a sense there is a strong symmetry between UDP and TCP, once a connection to a downstream has been setup. + This symmetry is broken because of head-of-line blocking within TCP though, necessitating additional connections + to guarantee performance. + + So the idea is to have a 'pool' of available downstream connections, and forward messages to/from them and never queue. + So whenever an answer comes in, we know where it needs to go. + + Let's start naively. +*/ + +static LockGuarded> s_tcpClientsCount; + +size_t g_maxTCPQueriesPerConn{0}; +size_t g_maxTCPConnectionDuration{0}; +size_t g_maxTCPConnectionsPerClient{0}; +#ifdef __linux__ +// On Linux this gives us 128k pending queries (default is 8192 queries), +// which should be enough to deal with huge spikes +size_t g_tcpInternalPipeBufferSize{1024*1024}; +uint64_t g_maxTCPQueuedConnections{10000}; +#else +size_t g_tcpInternalPipeBufferSize{0}; +uint64_t g_maxTCPQueuedConnections{1000}; +#endif + +int g_tcpRecvTimeout{2}; +int g_tcpSendTimeout{2}; +std::atomic g_tcpStatesDumpRequested{0}; + +static void decrementTCPClientCount(const ComboAddress& client) +{ + if (g_maxTCPConnectionsPerClient) { + auto tcpClientsCount = s_tcpClientsCount.lock(); + tcpClientsCount->at(client)--; + if (tcpClientsCount->at(client) == 0) { + tcpClientsCount->erase(client); + } + } +} + +IncomingTCPConnectionState::~IncomingTCPConnectionState() +{ + decrementTCPClientCount(d_ci.remote); + + if (d_ci.cs != nullptr) { + struct timeval now; + gettimeofday(&now, nullptr); + + auto diff = now - d_connectionStartTime; + d_ci.cs->updateTCPMetrics(d_queriesCount, diff.tv_sec * 1000.0 + diff.tv_usec / 1000.0); + } + + // would have been done when the object is destroyed anyway, + // but that way we make sure it's done before the ConnectionInfo is destroyed, + // closing the descriptor, instead of relying on the declaration order of the objects in the class + d_handler.close(); +} + +size_t IncomingTCPConnectionState::clearAllDownstreamConnections() +{ + return t_downstreamTCPConnectionsManager.clear(); +} + +std::shared_ptr IncomingTCPConnectionState::getDownstreamConnection(std::shared_ptr& ds, const std::unique_ptr>& tlvs, const struct timeval& now) +{ + std::shared_ptr downstream{nullptr}; + + downstream = getOwnedDownstreamConnection(ds, tlvs); + + if (!downstream) { + /* we don't have a connection to this backend owned yet, let's get one (it might not be a fresh one, though) */ + downstream = t_downstreamTCPConnectionsManager.getConnectionToDownstream(d_threadData.mplexer, ds, now, std::string()); + if (ds->useProxyProtocol) { + registerOwnedDownstreamConnection(downstream); + } + } + + return downstream; +} + +static void tcpClientThread(int pipefd, int crossProtocolQueriesPipeFD, int crossProtocolResponsesListenPipeFD, int crossProtocolResponsesWritePipeFD); + +TCPClientCollection::TCPClientCollection(size_t maxThreads): d_tcpclientthreads(maxThreads), d_maxthreads(maxThreads) +{ + for (size_t idx = 0; idx < maxThreads; idx++) { + addTCPClientThread(); + } +} + +void TCPClientCollection::addTCPClientThread() +{ + auto preparePipe = [](int fds[2], const std::string& type) -> bool { + if (pipe(fds) < 0) { + errlog("Error creating the TCP thread %s pipe: %s", type, stringerror()); + return false; + } + + if (!setNonBlocking(fds[0])) { + int err = errno; + close(fds[0]); + close(fds[1]); + errlog("Error setting the TCP thread %s pipe non-blocking: %s", type, stringerror(err)); + return false; + } + + if (!setNonBlocking(fds[1])) { + int err = errno; + close(fds[0]); + close(fds[1]); + errlog("Error setting the TCP thread %s pipe non-blocking: %s", type, stringerror(err)); + return false; + } + + if (g_tcpInternalPipeBufferSize > 0 && getPipeBufferSize(fds[0]) < g_tcpInternalPipeBufferSize) { + setPipeBufferSize(fds[0], g_tcpInternalPipeBufferSize); + } + + return true; + }; + + int pipefds[2] = { -1, -1}; + if (!preparePipe(pipefds, "communication")) { + return; + } + + int crossProtocolQueriesFDs[2] = { -1, -1}; + if (!preparePipe(crossProtocolQueriesFDs, "cross-protocol queries")) { + return; + } + + int crossProtocolResponsesFDs[2] = { -1, -1}; + if (!preparePipe(crossProtocolResponsesFDs, "cross-protocol responses")) { + return; + } + + vinfolog("Adding TCP Client thread"); + + { + if (d_numthreads >= d_tcpclientthreads.size()) { + vinfolog("Adding a new TCP client thread would exceed the vector size (%d/%d), skipping. Consider increasing the maximum amount of TCP client threads with setMaxTCPClientThreads() in the configuration.", d_numthreads.load(), d_tcpclientthreads.size()); + close(crossProtocolQueriesFDs[0]); + close(crossProtocolQueriesFDs[1]); + close(crossProtocolResponsesFDs[0]); + close(crossProtocolResponsesFDs[1]); + close(pipefds[0]); + close(pipefds[1]); + return; + } + + /* from now on this side of the pipe will be managed by that object, + no need to worry about it */ + TCPWorkerThread worker(pipefds[1], crossProtocolQueriesFDs[1], crossProtocolResponsesFDs[1]); + try { + std::thread t1(tcpClientThread, pipefds[0], crossProtocolQueriesFDs[0], crossProtocolResponsesFDs[0], crossProtocolResponsesFDs[1]); + t1.detach(); + } + catch (const std::runtime_error& e) { + /* the thread creation failed, don't leak */ + errlog("Error creating a TCP thread: %s", e.what()); + close(pipefds[0]); + close(crossProtocolQueriesFDs[0]); + close(crossProtocolResponsesFDs[0]); + return; + } + + d_tcpclientthreads.at(d_numthreads) = std::move(worker); + ++d_numthreads; + } +} + +std::unique_ptr g_tcpclientthreads; + +static IOState sendQueuedResponses(std::shared_ptr& state, const struct timeval& now) +{ + IOState result = IOState::Done; + + while (state->active() && !state->d_queuedResponses.empty()) { + DEBUGLOG("queue size is "<d_queuedResponses.size()<<", sending the next one"); + TCPResponse resp = std::move(state->d_queuedResponses.front()); + state->d_queuedResponses.pop_front(); + state->d_state = IncomingTCPConnectionState::State::idle; + result = state->sendResponse(state, now, std::move(resp)); + if (result != IOState::Done) { + return result; + } + } + + state->d_state = IncomingTCPConnectionState::State::idle; + return IOState::Done; +} + +static void updateTCPLatency(const std::shared_ptr& ds, double udiff) +{ + ds->latencyUsecTCP = (127.0 * ds->latencyUsecTCP / 128.0) + udiff/128.0; +} + +static void handleResponseSent(std::shared_ptr& state, const TCPResponse& currentResponse) +{ + if (currentResponse.d_idstate.qtype == QType::AXFR || currentResponse.d_idstate.qtype == QType::IXFR) { + return; + } + + --state->d_currentQueriesCount; + + if (currentResponse.d_selfGenerated == false && currentResponse.d_connection && currentResponse.d_connection->getDS()) { + const auto& ds = currentResponse.d_connection->getDS(); + const auto& ids = currentResponse.d_idstate; + double udiff = ids.sentTime.udiff(); + vinfolog("Got answer from %s, relayed to %s (%s, %d bytes), took %f usec", ds->remote.toStringWithPort(), ids.origRemote.toStringWithPort(), (state->d_handler.isTLS() ? "DoT" : "TCP"), currentResponse.d_buffer.size(), udiff); + + auto backendProtocol = ds->getProtocol(); + if (backendProtocol == dnsdist::Protocol::DoUDP) { + backendProtocol = dnsdist::Protocol::DoTCP; + } + ::handleResponseSent(ids, udiff, state->d_ci.remote, ds->remote, static_cast(currentResponse.d_buffer.size()), currentResponse.d_cleartextDH, backendProtocol); + + updateTCPLatency(ds, udiff); + } +} + +static void prependSizeToTCPQuery(PacketBuffer& buffer, size_t proxyProtocolPayloadSize) +{ + if (buffer.size() <= proxyProtocolPayloadSize) { + throw std::runtime_error("The payload size is smaller or equal to the buffer size"); + } + + uint16_t queryLen = proxyProtocolPayloadSize > 0 ? (buffer.size() - proxyProtocolPayloadSize) : buffer.size(); + const uint8_t sizeBytes[] = { static_cast(queryLen / 256), static_cast(queryLen % 256) }; + /* prepend the size. Yes, this is not the most efficient way but it prevents mistakes + that could occur if we had to deal with the size during the processing, + especially alignment issues */ + buffer.insert(buffer.begin() + proxyProtocolPayloadSize, sizeBytes, sizeBytes + 2); +} + +bool IncomingTCPConnectionState::canAcceptNewQueries(const struct timeval& now) +{ + if (d_hadErrors) { + DEBUGLOG("not accepting new queries because we encountered some error during the processing already"); + return false; + } + + if (d_currentQueriesCount >= d_ci.cs->d_maxInFlightQueriesPerConn) { + DEBUGLOG("not accepting new queries because we already have "<d_maxInFlightQueriesPerConn); + return false; + } + + if (g_maxTCPQueriesPerConn && d_queriesCount > g_maxTCPQueriesPerConn) { + vinfolog("not accepting new queries from %s because it reached the maximum number of queries per conn (%d / %d)", d_ci.remote.toStringWithPort(), d_queriesCount, g_maxTCPQueriesPerConn); + return false; + } + + if (maxConnectionDurationReached(g_maxTCPConnectionDuration, now)) { + vinfolog("not accepting new queries from %s because it reached the maximum TCP connection duration", d_ci.remote.toStringWithPort()); + return false; + } + + return true; +} + +void IncomingTCPConnectionState::resetForNewQuery() +{ + d_buffer.resize(sizeof(uint16_t)); + d_currentPos = 0; + d_querySize = 0; + d_state = State::waitingForQuery; +} + +std::shared_ptr IncomingTCPConnectionState::getOwnedDownstreamConnection(const std::shared_ptr& ds, const std::unique_ptr>& tlvs) +{ + auto it = d_ownedConnectionsToBackend.find(ds); + if (it == d_ownedConnectionsToBackend.end()) { + DEBUGLOG("no owned connection found for "<getName()); + return nullptr; + } + + for (auto& conn : it->second) { + if (conn->canBeReused(true) && conn->matchesTLVs(tlvs)) { + DEBUGLOG("Got one owned connection accepting more for "<getName()); + conn->setReused(); + return conn; + } + DEBUGLOG("not accepting more for "<getName()); + } + + return nullptr; +} + +void IncomingTCPConnectionState::registerOwnedDownstreamConnection(std::shared_ptr& conn) +{ + d_ownedConnectionsToBackend[conn->getDS()].push_front(conn); +} + +/* called when the buffer has been set and the rules have been processed, and only from handleIO (sometimes indirectly via handleQuery) */ +IOState IncomingTCPConnectionState::sendResponse(std::shared_ptr& state, const struct timeval& now, TCPResponse&& response) +{ + state->d_state = IncomingTCPConnectionState::State::sendingResponse; + + uint16_t responseSize = static_cast(response.d_buffer.size()); + const uint8_t sizeBytes[] = { static_cast(responseSize / 256), static_cast(responseSize % 256) }; + /* prepend the size. Yes, this is not the most efficient way but it prevents mistakes + that could occur if we had to deal with the size during the processing, + especially alignment issues */ + response.d_buffer.insert(response.d_buffer.begin(), sizeBytes, sizeBytes + 2); + state->d_currentPos = 0; + state->d_currentResponse = std::move(response); + + try { + auto iostate = state->d_handler.tryWrite(state->d_currentResponse.d_buffer, state->d_currentPos, state->d_currentResponse.d_buffer.size()); + if (iostate == IOState::Done) { + DEBUGLOG("response sent from "<<__PRETTY_FUNCTION__); + handleResponseSent(state, state->d_currentResponse); + return iostate; + } else { + state->d_lastIOBlocked = true; + DEBUGLOG("partial write"); + return iostate; + } + } + catch (const std::exception& e) { + vinfolog("Closing TCP client connection with %s: %s", state->d_ci.remote.toStringWithPort(), e.what()); + DEBUGLOG("Closing TCP client connection: "<d_ci.cs->tcpDiedSendingResponse; + + state->terminateClientConnection(); + + return IOState::Done; + } +} + +void IncomingTCPConnectionState::terminateClientConnection() +{ + DEBUGLOG("terminating client connection"); + d_queuedResponses.clear(); + /* we have already released idle connections that could be reused, + we don't care about the ones still waiting for responses */ + for (auto& backend : d_ownedConnectionsToBackend) { + for (auto& conn : backend.second) { + conn->release(); + } + } + d_ownedConnectionsToBackend.clear(); + /* meaning we will no longer be 'active' when the backend + response or timeout comes in */ + d_ioState.reset(); + d_handler.close(); +} + +void IncomingTCPConnectionState::queueResponse(std::shared_ptr& state, const struct timeval& now, TCPResponse&& response) +{ + // queue response + state->d_queuedResponses.push_back(std::move(response)); + DEBUGLOG("queueing response, state is "<<(int)state->d_state<<", queue size is now "<d_queuedResponses.size()); + + // when the response comes from a backend, there is a real possibility that we are currently + // idle, and thus not trying to send the response right away would make our ref count go to 0. + // Even if we are waiting for a query, we will not wake up before the new query arrives or a + // timeout occurs + if (state->d_state == IncomingTCPConnectionState::State::idle || + state->d_state == IncomingTCPConnectionState::State::waitingForQuery) { + auto iostate = sendQueuedResponses(state, now); + + if (iostate == IOState::Done && state->active()) { + if (state->canAcceptNewQueries(now)) { + state->resetForNewQuery(); + state->d_state = IncomingTCPConnectionState::State::waitingForQuery; + iostate = IOState::NeedRead; + } + else { + state->d_state = IncomingTCPConnectionState::State::idle; + } + } + + // for the same reason we need to update the state right away, nobody will do that for us + if (state->active()) { + state->d_ioState->update(iostate, handleIOCallback, state, iostate == IOState::NeedWrite ? state->getClientWriteTTD(now) : state->getClientReadTTD(now)); + } + } +} + +/* called from the backend code when a new response has been received */ +void IncomingTCPConnectionState::handleResponse(const struct timeval& now, TCPResponse&& response) +{ + std::shared_ptr state = shared_from_this(); + + if (response.d_connection && response.d_connection->getDS() && response.d_connection->getDS()->useProxyProtocol) { + // if we have added a TCP Proxy Protocol payload to a connection, don't release it to the general pool as no one else will be able to use it anyway + if (!response.d_connection->willBeReusable(true)) { + // if it can't be reused even by us, well + const auto connIt = state->d_ownedConnectionsToBackend.find(response.d_connection->getDS()); + if (connIt != state->d_ownedConnectionsToBackend.end()) { + auto& list = connIt->second; + + for (auto it = list.begin(); it != list.end(); ++it) { + if (*it == response.d_connection) { + try { + response.d_connection->release(); + } + catch (const std::exception& e) { + vinfolog("Error releasing connection: %s", e.what()); + } + list.erase(it); + break; + } + } + } + } + } + + if (response.d_buffer.size() < sizeof(dnsheader)) { + state->terminateClientConnection(); + return; + } + + try { + auto& ids = response.d_idstate; + unsigned int qnameWireLength; + if (!responseContentMatches(response.d_buffer, ids.qname, ids.qtype, ids.qclass, response.d_connection->getRemote(), qnameWireLength)) { + state->terminateClientConnection(); + return; + } + + if (response.d_connection->getDS()) { + ++response.d_connection->getDS()->responses; + } + + DNSResponse dr = makeDNSResponseFromIDState(ids, response.d_buffer); + + memcpy(&response.d_cleartextDH, dr.getHeader(), sizeof(response.d_cleartextDH)); + + if (!processResponse(response.d_buffer, state->d_threadData.localRespRuleActions, dr, false, false)) { + state->terminateClientConnection(); + return; + } + } + catch (const std::exception& e) { + vinfolog("Unexpected exception while handling response from backend: %s", e.what()); + state->terminateClientConnection(); + return; + } + + ++g_stats.responses; + ++state->d_ci.cs->responses; + + queueResponse(state, now, std::move(response)); +} + +struct TCPCrossProtocolResponse +{ + TCPCrossProtocolResponse(TCPResponse&& response, std::shared_ptr& state, const struct timeval& now): d_response(std::move(response)), d_state(state), d_now(now) + { + } + + TCPResponse d_response; + std::shared_ptr d_state; + struct timeval d_now; +}; + +class TCPCrossProtocolQuerySender : public TCPQuerySender +{ +public: + TCPCrossProtocolQuerySender(std::shared_ptr& state, int responseDescriptor): d_state(state), d_responseDesc(responseDescriptor) + { + } + + bool active() const override + { + return d_state->active(); + } + + const ClientState* getClientState() const override + { + return d_state->getClientState(); + } + + void handleResponse(const struct timeval& now, TCPResponse&& response) override + { + if (d_responseDesc == -1) { + throw std::runtime_error("Invalid pipe descriptor in TCP Cross Protocol Query Sender"); + } + + auto ptr = new TCPCrossProtocolResponse(std::move(response), d_state, now); + static_assert(sizeof(ptr) <= PIPE_BUF, "Writes up to PIPE_BUF are guaranteed not to be interleaved and to either fully succeed or fail"); + ssize_t sent = write(d_responseDesc, &ptr, sizeof(ptr)); + if (sent != sizeof(ptr)) { + if (errno == EAGAIN || errno == EWOULDBLOCK) { + ++g_stats.tcpCrossProtocolResponsePipeFull; + vinfolog("Unable to pass a cross-protocol response to the TCP worker thread because the pipe is full"); + } + else { + vinfolog("Unable to pass a cross-protocol response to the TCP worker thread because we couldn't write to the pipe: %s", stringerror()); + } + delete ptr; + } + } + + void handleXFRResponse(const struct timeval& now, TCPResponse&& response) override + { + handleResponse(now, std::move(response)); + } + + void notifyIOError(IDState&& query, const struct timeval& now) override + { + TCPResponse response(PacketBuffer(), std::move(query), nullptr); + handleResponse(now, std::move(response)); + } + +private: + std::shared_ptr d_state; + int d_responseDesc{-1}; +}; + +class TCPCrossProtocolQuery : public CrossProtocolQuery +{ +public: + TCPCrossProtocolQuery(PacketBuffer&& buffer, IDState&& ids, std::shared_ptr& ds, std::shared_ptr& sender): d_sender(sender) + { + query = InternalQuery(std::move(buffer), std::move(ids)); + downstream = ds; + proxyProtocolPayloadSize = 0; + } + + ~TCPCrossProtocolQuery() + { + } + + std::shared_ptr getTCPQuerySender() override + { + return d_sender; + } + +private: + std::shared_ptr d_sender; +}; + +static void handleQuery(std::shared_ptr& state, const struct timeval& now) +{ + if (state->d_querySize < sizeof(dnsheader)) { + ++g_stats.nonCompliantQueries; + state->terminateClientConnection(); + return; + } + + ++state->d_queriesCount; + ++state->d_ci.cs->queries; + ++g_stats.queries; + + if (state->d_handler.isTLS()) { + auto tlsVersion = state->d_handler.getTLSVersion(); + switch (tlsVersion) { + case LibsslTLSVersion::TLS10: + ++state->d_ci.cs->tls10queries; + break; + case LibsslTLSVersion::TLS11: + ++state->d_ci.cs->tls11queries; + break; + case LibsslTLSVersion::TLS12: + ++state->d_ci.cs->tls12queries; + break; + case LibsslTLSVersion::TLS13: + ++state->d_ci.cs->tls13queries; + break; + default: + ++state->d_ci.cs->tlsUnknownqueries; + } + } + + /* we need an accurate ("real") value for the response and + to store into the IDS, but not for insertion into the + rings for example */ + struct timespec queryRealTime; + gettime(&queryRealTime, true); + + std::unique_ptr dnsCryptQuery{nullptr}; + auto dnsCryptResponse = checkDNSCryptQuery(*state->d_ci.cs, state->d_buffer, dnsCryptQuery, queryRealTime.tv_sec, true); + if (dnsCryptResponse) { + TCPResponse response; + state->d_state = IncomingTCPConnectionState::State::idle; + ++state->d_currentQueriesCount; + state->queueResponse(state, now, std::move(response)); + return; + } + + { + /* this pointer will be invalidated the second the buffer is resized, don't hold onto it! */ + auto* dh = reinterpret_cast(state->d_buffer.data()); + if (!checkQueryHeaders(dh)) { + state->terminateClientConnection(); + return; + } + + if (dh->qdcount == 0) { + TCPResponse response; + dh->rcode = RCode::NotImp; + dh->qr = true; + response.d_selfGenerated = true; + response.d_buffer = std::move(state->d_buffer); + state->d_state = IncomingTCPConnectionState::State::idle; + ++state->d_currentQueriesCount; + state->queueResponse(state, now, std::move(response)); + return; + } + } + + uint16_t qtype, qclass; + unsigned int qnameWireLength = 0; + DNSName qname(reinterpret_cast(state->d_buffer.data()), state->d_buffer.size(), sizeof(dnsheader), false, &qtype, &qclass, &qnameWireLength); + dnsdist::Protocol protocol = dnsdist::Protocol::DoTCP; + if (dnsCryptQuery) { + protocol = dnsdist::Protocol::DNSCryptTCP; + } + else if (state->d_handler.isTLS()) { + protocol = dnsdist::Protocol::DoT; + } + + DNSQuestion dq(&qname, qtype, qclass, &state->d_proxiedDestination, &state->d_proxiedRemote, state->d_buffer, protocol, &queryRealTime); + dq.dnsCryptQuery = std::move(dnsCryptQuery); + dq.sni = state->d_handler.getServerNameIndication(); + if (state->d_proxyProtocolValues) { + /* we need to copy them, because the next queries received on that connection will + need to get the _unaltered_ values */ + dq.proxyProtocolValues = make_unique>(*state->d_proxyProtocolValues); + } + + if (dq.qtype == QType::AXFR || dq.qtype == QType::IXFR) { + dq.skipCache = true; + } + + std::shared_ptr ds; + auto result = processQuery(dq, *state->d_ci.cs, state->d_threadData.holders, ds); + + if (result == ProcessQueryResult::Drop) { + state->terminateClientConnection(); + return; + } + + // the buffer might have been invalidated by now + const dnsheader* dh = dq.getHeader(); + if (result == ProcessQueryResult::SendAnswer) { + TCPResponse response; + response.d_selfGenerated = true; + response.d_buffer = std::move(state->d_buffer); + state->d_state = IncomingTCPConnectionState::State::idle; + ++state->d_currentQueriesCount; + state->queueResponse(state, now, std::move(response)); + return; + } + + if (result != ProcessQueryResult::PassToBackend || ds == nullptr) { + state->terminateClientConnection(); + return; + } + + IDState ids; + setIDStateFromDNSQuestion(ids, dq, std::move(qname)); + ids.origID = dh->id; + ids.cs = state->d_ci.cs; + + ++state->d_currentQueriesCount; + + std::string proxyProtocolPayload; + if (ds->isDoH()) { + vinfolog("Got query for %s|%s from %s (%s, %d bytes), relayed to %s", ids.qname.toLogString(), QType(ids.qtype).toString(), state->d_proxiedRemote.toStringWithPort(), (state->d_handler.isTLS() ? "DoT" : "TCP"), state->d_buffer.size(), ds->getName()); + + /* we need to do this _before_ creating the cross protocol query because + after that the buffer will have been moved */ + if (ds->useProxyProtocol) { + proxyProtocolPayload = getProxyProtocolPayload(dq); + } + + auto incoming = std::make_shared(state, state->d_threadData.crossProtocolResponsesPipe); + auto cpq = std::make_unique(std::move(state->d_buffer), std::move(ids), ds, incoming); + cpq->query.d_proxyProtocolPayload = std::move(proxyProtocolPayload); + + ds->passCrossProtocolQuery(std::move(cpq)); + return; + } + + prependSizeToTCPQuery(state->d_buffer, 0); + + auto downstreamConnection = state->getDownstreamConnection(ds, dq.proxyProtocolValues, now); + + if (ds->useProxyProtocol) { + /* if we ever sent a TLV over a connection, we can never go back */ + if (!state->d_proxyProtocolPayloadHasTLV) { + state->d_proxyProtocolPayloadHasTLV = dq.proxyProtocolValues && !dq.proxyProtocolValues->empty(); + } + + proxyProtocolPayload = getProxyProtocolPayload(dq); + } + + if (dq.proxyProtocolValues) { + downstreamConnection->setProxyProtocolValuesSent(std::move(dq.proxyProtocolValues)); + } + + TCPQuery query(std::move(state->d_buffer), std::move(ids)); + query.d_proxyProtocolPayload = std::move(proxyProtocolPayload); + + vinfolog("Got query for %s|%s from %s (%s, %d bytes), relayed to %s", query.d_idstate.qname.toLogString(), QType(query.d_idstate.qtype).toString(), state->d_proxiedRemote.toStringWithPort(), (state->d_handler.isTLS() ? "DoT" : "TCP"), query.d_buffer.size(), ds->getName()); + std::shared_ptr incoming = state; + downstreamConnection->queueQuery(incoming, std::move(query)); +} + +void IncomingTCPConnectionState::handleIOCallback(int fd, FDMultiplexer::funcparam_t& param) +{ + auto conn = boost::any_cast>(param); + if (fd != conn->d_handler.getDescriptor()) { + throw std::runtime_error("Unexpected socket descriptor " + std::to_string(fd) + " received in " + std::string(__PRETTY_FUNCTION__) + ", expected " + std::to_string(conn->d_handler.getDescriptor())); + } + + struct timeval now; + gettimeofday(&now, nullptr); + handleIO(conn, now); +} + +void IncomingTCPConnectionState::handleIO(std::shared_ptr& state, const struct timeval& now) +{ + // why do we loop? Because the TLS layer does buffering, and thus can have data ready to read + // even though the underlying socket is not ready, so we need to actually ask for the data first + IOState iostate = IOState::Done; + do { + iostate = IOState::Done; + IOStateGuard ioGuard(state->d_ioState); + + if (state->maxConnectionDurationReached(g_maxTCPConnectionDuration, now)) { + vinfolog("Terminating TCP connection from %s because it reached the maximum TCP connection duration", state->d_ci.remote.toStringWithPort()); + // will be handled by the ioGuard + //handleNewIOState(state, IOState::Done, fd, handleIOCallback); + return; + } + + state->d_lastIOBlocked = false; + + try { + if (state->d_state == IncomingTCPConnectionState::State::doingHandshake) { + DEBUGLOG("doing handshake"); + iostate = state->d_handler.tryHandshake(); + if (iostate == IOState::Done) { + DEBUGLOG("handshake done"); + if (state->d_handler.isTLS()) { + if (!state->d_handler.hasTLSSessionBeenResumed()) { + ++state->d_ci.cs->tlsNewSessions; + } + else { + ++state->d_ci.cs->tlsResumptions; + } + if (state->d_handler.getResumedFromInactiveTicketKey()) { + ++state->d_ci.cs->tlsInactiveTicketKey; + } + if (state->d_handler.getUnknownTicketKey()) { + ++state->d_ci.cs->tlsUnknownTicketKey; + } + } + + state->d_handshakeDoneTime = now; + if (expectProxyProtocolFrom(state->d_ci.remote)) { + state->d_state = IncomingTCPConnectionState::State::readingProxyProtocolHeader; + state->d_buffer.resize(s_proxyProtocolMinimumHeaderSize); + state->d_proxyProtocolNeed = s_proxyProtocolMinimumHeaderSize; + } + else { + state->d_state = IncomingTCPConnectionState::State::readingQuerySize; + } + } + else { + state->d_lastIOBlocked = true; + } + } + + if (!state->d_lastIOBlocked && state->d_state == IncomingTCPConnectionState::State::readingProxyProtocolHeader) { + do { + DEBUGLOG("reading proxy protocol header"); + iostate = state->d_handler.tryRead(state->d_buffer, state->d_currentPos, state->d_proxyProtocolNeed); + if (iostate == IOState::Done) { + state->d_buffer.resize(state->d_currentPos); + ssize_t remaining = isProxyHeaderComplete(state->d_buffer); + if (remaining == 0) { + vinfolog("Unable to consume proxy protocol header in packet from TCP client %s", state->d_ci.remote.toStringWithPort()); + ++g_stats.proxyProtocolInvalid; + break; + } + else if (remaining < 0) { + state->d_proxyProtocolNeed += -remaining; + state->d_buffer.resize(state->d_currentPos + state->d_proxyProtocolNeed); + /* we need to keep reading, since we might have buffered data */ + iostate = IOState::NeedRead; + } + else { + /* proxy header received */ + std::vector proxyProtocolValues; + if (!handleProxyProtocol(state->d_ci.remote, true, *state->d_threadData.holders.acl, state->d_buffer, state->d_proxiedRemote, state->d_proxiedDestination, proxyProtocolValues)) { + vinfolog("Error handling the Proxy Protocol received from TCP client %s", state->d_ci.remote.toStringWithPort()); + break; + } + + if (!proxyProtocolValues.empty()) { + state->d_proxyProtocolValues = make_unique>(std::move(proxyProtocolValues)); + } + + state->d_state = IncomingTCPConnectionState::State::readingQuerySize; + state->d_buffer.resize(sizeof(uint16_t)); + state->d_currentPos = 0; + state->d_proxyProtocolNeed = 0; + break; + } + } + else { + state->d_lastIOBlocked = true; + } + } + while (state->active() && !state->d_lastIOBlocked); + } + + if (!state->d_lastIOBlocked && (state->d_state == IncomingTCPConnectionState::State::waitingForQuery || + state->d_state == IncomingTCPConnectionState::State::readingQuerySize)) { + DEBUGLOG("reading query size"); + iostate = state->d_handler.tryRead(state->d_buffer, state->d_currentPos, sizeof(uint16_t)); + if (state->d_currentPos > 0) { + /* if we got at least one byte, we can't go around sending responses */ + state->d_state = IncomingTCPConnectionState::State::readingQuerySize; + } + + if (iostate == IOState::Done) { + DEBUGLOG("query size received"); + state->d_state = IncomingTCPConnectionState::State::readingQuery; + state->d_querySizeReadTime = now; + if (state->d_queriesCount == 0) { + state->d_firstQuerySizeReadTime = now; + } + state->d_querySize = state->d_buffer.at(0) * 256 + state->d_buffer.at(1); + if (state->d_querySize < sizeof(dnsheader)) { + /* go away */ + state->terminateClientConnection(); + return; + } + + /* allocate a bit more memory to be able to spoof the content, get an answer from the cache + or to add ECS without allocating a new buffer */ + state->d_buffer.resize(std::max(state->d_querySize + static_cast(512), s_maxPacketCacheEntrySize)); + state->d_currentPos = 0; + } + else { + state->d_lastIOBlocked = true; + } + } + + if (!state->d_lastIOBlocked && state->d_state == IncomingTCPConnectionState::State::readingQuery) { + DEBUGLOG("reading query"); + iostate = state->d_handler.tryRead(state->d_buffer, state->d_currentPos, state->d_querySize); + if (iostate == IOState::Done) { + DEBUGLOG("query received"); + state->d_buffer.resize(state->d_querySize); + + state->d_state = IncomingTCPConnectionState::State::idle; + handleQuery(state, now); + /* the state might have been updated in the meantime, we don't want to override it + in that case */ + if (state->active() && state->d_state != IncomingTCPConnectionState::State::idle) { + if (state->d_ioState->isWaitingForRead()) { + iostate = IOState::NeedRead; + } + else if (state->d_ioState->isWaitingForWrite()) { + iostate = IOState::NeedWrite; + } + else { + iostate = IOState::Done; + } + } + } + else { + state->d_lastIOBlocked = true; + } + } + + if (!state->d_lastIOBlocked && state->d_state == IncomingTCPConnectionState::State::sendingResponse) { + DEBUGLOG("sending response"); + iostate = state->d_handler.tryWrite(state->d_currentResponse.d_buffer, state->d_currentPos, state->d_currentResponse.d_buffer.size()); + if (iostate == IOState::Done) { + DEBUGLOG("response sent from "<<__PRETTY_FUNCTION__); + handleResponseSent(state, state->d_currentResponse); + state->d_state = IncomingTCPConnectionState::State::idle; + } + else { + state->d_lastIOBlocked = true; + } + } + + if (state->active() && + !state->d_lastIOBlocked && + iostate == IOState::Done && + (state->d_state == IncomingTCPConnectionState::State::idle || + state->d_state == IncomingTCPConnectionState::State::waitingForQuery)) + { + // try sending queued responses + DEBUGLOG("send responses, if any"); + iostate = sendQueuedResponses(state, now); + + if (!state->d_lastIOBlocked && state->active() && iostate == IOState::Done) { + // if the query has been passed to a backend, or dropped, and the responses have been sent, + // we can start reading again + if (state->canAcceptNewQueries(now)) { + state->resetForNewQuery(); + iostate = IOState::NeedRead; + } + else { + state->d_state = IncomingTCPConnectionState::State::idle; + iostate = IOState::Done; + } + } + } + + if (state->d_state != IncomingTCPConnectionState::State::idle && + state->d_state != IncomingTCPConnectionState::State::doingHandshake && + state->d_state != IncomingTCPConnectionState::State::readingProxyProtocolHeader && + state->d_state != IncomingTCPConnectionState::State::waitingForQuery && + state->d_state != IncomingTCPConnectionState::State::readingQuerySize && + state->d_state != IncomingTCPConnectionState::State::readingQuery && + state->d_state != IncomingTCPConnectionState::State::sendingResponse) { + vinfolog("Unexpected state %d in handleIOCallback", static_cast(state->d_state)); + } + } + catch (const std::exception& e) { + /* most likely an EOF because the other end closed the connection, + but it might also be a real IO error or something else. + Let's just drop the connection + */ + if (state->d_state == IncomingTCPConnectionState::State::idle || + state->d_state == IncomingTCPConnectionState::State::waitingForQuery) { + /* no need to increase any counters in that case, the client is simply done with us */ + } + else if (state->d_state == IncomingTCPConnectionState::State::doingHandshake || + state->d_state != IncomingTCPConnectionState::State::readingProxyProtocolHeader || + state->d_state == IncomingTCPConnectionState::State::waitingForQuery || + state->d_state == IncomingTCPConnectionState::State::readingQuerySize || + state->d_state == IncomingTCPConnectionState::State::readingQuery) { + ++state->d_ci.cs->tcpDiedReadingQuery; + } + else if (state->d_state == IncomingTCPConnectionState::State::sendingResponse) { + /* unlikely to happen here, the exception should be handled in sendResponse() */ + ++state->d_ci.cs->tcpDiedSendingResponse; + } + + if (state->d_ioState->isWaitingForWrite() || state->d_queriesCount == 0) { + DEBUGLOG("Got an exception while handling TCP query: "<d_ioState->isWaitingForRead() ? "reading" : "writing"), state->d_ci.remote.toStringWithPort(), e.what()); + } + else { + vinfolog("Closing TCP client connection with %s: %s", state->d_ci.remote.toStringWithPort(), e.what()); + DEBUGLOG("Closing TCP client connection: "<terminateClientConnection(); + } + + if (!state->active()) { + DEBUGLOG("state is no longer active"); + return; + } + + if (iostate == IOState::Done) { + state->d_ioState->update(iostate, handleIOCallback, state); + } + else { + state->d_ioState->update(iostate, handleIOCallback, state, iostate == IOState::NeedRead ? state->getClientReadTTD(now) : state->getClientWriteTTD(now)); + } + ioGuard.release(); + } + while ((iostate == IOState::NeedRead || iostate == IOState::NeedWrite) && !state->d_lastIOBlocked); +} + +void IncomingTCPConnectionState::notifyIOError(IDState&& query, const struct timeval& now) +{ + std::shared_ptr state = shared_from_this(); + + --state->d_currentQueriesCount; + state->d_hadErrors = true; + + if (state->d_state == State::sendingResponse) { + /* if we have responses to send, let's do that first */ + } + else if (!state->d_queuedResponses.empty()) { + /* stop reading and send what we have */ + try { + auto iostate = sendQueuedResponses(state, now); + + if (state->active() && iostate != IOState::Done) { + // we need to update the state right away, nobody will do that for us + state->d_ioState->update(iostate, handleIOCallback, state, iostate == IOState::NeedWrite ? state->getClientWriteTTD(now) : state->getClientReadTTD(now)); + } + } + catch (const std::exception& e) { + vinfolog("Exception in notifyIOError: %s", e.what()); + } + } + else { + // the backend code already tried to reconnect if it was possible + state->terminateClientConnection(); + } +} + +void IncomingTCPConnectionState::handleXFRResponse(const struct timeval& now, TCPResponse&& response) +{ + std::shared_ptr state = shared_from_this(); + queueResponse(state, now, std::move(response)); +} + +void IncomingTCPConnectionState::handleTimeout(std::shared_ptr& state, bool write) +{ + vinfolog("Timeout while %s TCP client %s", (write ? "writing to" : "reading from"), state->d_ci.remote.toStringWithPort()); + DEBUGLOG("client timeout"); + DEBUGLOG("Processed "<d_queriesCount<<" queries, current count is "<d_currentQueriesCount<<", "<d_ownedConnectionsToBackend.size()<<" owned connections, "<d_queuedResponses.size()<<" response queued"); + + if (write || state->d_currentQueriesCount == 0) { + ++state->d_ci.cs->tcpClientTimeouts; + state->d_ioState.reset(); + } + else { + DEBUGLOG("Going idle"); + /* we still have some queries in flight, let's just stop reading for now */ + state->d_state = IncomingTCPConnectionState::State::idle; + state->d_ioState->update(IOState::Done, handleIOCallback, state); + } +} + +static void handleIncomingTCPQuery(int pipefd, FDMultiplexer::funcparam_t& param) +{ + auto threadData = boost::any_cast(param); + + ConnectionInfo* citmp{nullptr}; + + ssize_t got = read(pipefd, &citmp, sizeof(citmp)); + if (got == 0) { + throw std::runtime_error("EOF while reading from the TCP acceptor pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + else if (got == -1) { + if (errno == EAGAIN || errno == EINTR) { + return; + } + throw std::runtime_error("Error while reading from the TCP acceptor pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode:" + stringerror()); + } + else if (got != sizeof(citmp)) { + throw std::runtime_error("Partial read while reading from the TCP acceptor pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + + try { + g_tcpclientthreads->decrementQueuedCount(); + + struct timeval now; + gettimeofday(&now, nullptr); + auto state = std::make_shared(std::move(*citmp), *threadData, now); + delete citmp; + citmp = nullptr; + + IncomingTCPConnectionState::handleIO(state, now); + } + catch (...) { + delete citmp; + citmp = nullptr; + throw; + } +} + +static void handleCrossProtocolQuery(int pipefd, FDMultiplexer::funcparam_t& param) +{ + auto threadData = boost::any_cast(param); + CrossProtocolQuery* tmp{nullptr}; + + ssize_t got = read(pipefd, &tmp, sizeof(tmp)); + if (got == 0) { + throw std::runtime_error("EOF while reading from the TCP cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + else if (got == -1) { + if (errno == EAGAIN || errno == EINTR) { + return; + } + throw std::runtime_error("Error while reading from the TCP cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode:" + stringerror()); + } + else if (got != sizeof(tmp)) { + throw std::runtime_error("Partial read while reading from the TCP cross-protocol pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + + try { + struct timeval now; + gettimeofday(&now, nullptr); + + std::shared_ptr tqs = tmp->getTCPQuerySender(); + auto query = std::move(tmp->query); + auto downstreamServer = std::move(tmp->downstream); + auto proxyProtocolPayloadSize = tmp->proxyProtocolPayloadSize; + delete tmp; + tmp = nullptr; + + try { + auto downstream = t_downstreamTCPConnectionsManager.getConnectionToDownstream(threadData->mplexer, downstreamServer, now, std::string()); + + prependSizeToTCPQuery(query.d_buffer, proxyProtocolPayloadSize); + query.d_proxyProtocolPayloadAddedSize = proxyProtocolPayloadSize; + downstream->queueQuery(tqs, std::move(query)); + } + catch (...) { + tqs->notifyIOError(std::move(query.d_idstate), now); + } + } + catch (...) { + delete tmp; + tmp = nullptr; + } +} + +static void handleCrossProtocolResponse(int pipefd, FDMultiplexer::funcparam_t& param) +{ + TCPCrossProtocolResponse* tmp{nullptr}; + + ssize_t got = read(pipefd, &tmp, sizeof(tmp)); + if (got == 0) { + throw std::runtime_error("EOF while reading from the TCP cross-protocol response pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + else if (got == -1) { + if (errno == EAGAIN || errno == EINTR) { + return; + } + throw std::runtime_error("Error while reading from the TCP cross-protocol response pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode:" + stringerror()); + } + else if (got != sizeof(tmp)) { + throw std::runtime_error("Partial read while reading from the TCP cross-protocol response pipe (" + std::to_string(pipefd) + ") in " + std::string(isNonBlocking(pipefd) ? "non-blocking" : "blocking") + " mode"); + } + + auto response = std::move(*tmp); + delete tmp; + tmp = nullptr; + + try { + if (response.d_response.d_buffer.empty()) { + response.d_state->notifyIOError(std::move(response.d_response.d_idstate), response.d_now); + } + else if (response.d_response.d_idstate.qtype == QType::AXFR || response.d_response.d_idstate.qtype == QType::IXFR) { + response.d_state->handleXFRResponse(response.d_now, std::move(response.d_response)); + } + else { + response.d_state->handleResponse(response.d_now, std::move(response.d_response)); + } + } + catch (...) { + /* no point bubbling up from there */ + } +} + +static void tcpClientThread(int pipefd, int crossProtocolQueriesPipeFD, int crossProtocolResponsesListenPipeFD, int crossProtocolResponsesWritePipeFD) +{ + /* we get launched with a pipe on which we receive file descriptors from clients that we own + from that point on */ + + setThreadName("dnsdist/tcpClie"); + + try { + TCPClientThreadData data; + /* this is the writing end! */ + data.crossProtocolResponsesPipe = crossProtocolResponsesWritePipeFD; + data.mplexer->addReadFD(pipefd, handleIncomingTCPQuery, &data); + data.mplexer->addReadFD(crossProtocolQueriesPipeFD, handleCrossProtocolQuery, &data); + data.mplexer->addReadFD(crossProtocolResponsesListenPipeFD, handleCrossProtocolResponse, &data); + + struct timeval now; + gettimeofday(&now, nullptr); + time_t lastTimeoutScan = now.tv_sec; + + for (;;) { + data.mplexer->run(&now); + + try { + t_downstreamTCPConnectionsManager.cleanupClosedConnections(now); + + if (now.tv_sec > lastTimeoutScan) { + lastTimeoutScan = now.tv_sec; + auto expiredReadConns = data.mplexer->getTimeouts(now, false); + for (const auto& cbData : expiredReadConns) { + if (cbData.second.type() == typeid(std::shared_ptr)) { + auto state = boost::any_cast>(cbData.second); + if (cbData.first == state->d_handler.getDescriptor()) { + vinfolog("Timeout (read) from remote TCP client %s", state->d_ci.remote.toStringWithPort()); + state->handleTimeout(state, false); + } + } + else if (cbData.second.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(cbData.second); + vinfolog("Timeout (read) from remote backend %s", conn->getBackendName()); + conn->handleTimeout(now, false); + } + } + + auto expiredWriteConns = data.mplexer->getTimeouts(now, true); + for (const auto& cbData : expiredWriteConns) { + if (cbData.second.type() == typeid(std::shared_ptr)) { + auto state = boost::any_cast>(cbData.second); + if (cbData.first == state->d_handler.getDescriptor()) { + vinfolog("Timeout (write) from remote TCP client %s", state->d_ci.remote.toStringWithPort()); + state->handleTimeout(state, true); + } + } + else if (cbData.second.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(cbData.second); + vinfolog("Timeout (write) from remote backend %s", conn->getBackendName()); + conn->handleTimeout(now, true); + } + } + + if (g_tcpStatesDumpRequested > 0) { + /* just to keep things clean in the output, debug only */ + static std::mutex s_lock; + std::lock_guard lck(s_lock); + if (g_tcpStatesDumpRequested > 0) { + /* no race here, we took the lock so it can only be increased in the meantime */ + --g_tcpStatesDumpRequested; + errlog("Dumping the TCP states, as requested:"); + data.mplexer->runForAllWatchedFDs([](bool isRead, int fd, const FDMultiplexer::funcparam_t& param, struct timeval ttd) + { + struct timeval lnow; + gettimeofday(&lnow, nullptr); + if (ttd.tv_sec > 0) { + errlog("- Descriptor %d is in %s state, TTD in %d", fd, (isRead ? "read" : "write"), (ttd.tv_sec-lnow.tv_sec)); + } + else { + errlog("- Descriptor %d is in %s state, no TTD set", fd, (isRead ? "read" : "write")); + } + + if (param.type() == typeid(std::shared_ptr)) { + auto state = boost::any_cast>(param); + errlog(" - %s", state->toString()); + } + else if (param.type() == typeid(std::shared_ptr)) { + auto conn = boost::any_cast>(param); + errlog(" - %s", conn->toString()); + } + else if (param.type() == typeid(TCPClientThreadData*)) { + errlog(" - Worker thread pipe"); + } + }); + errlog("The TCP/DoT client cache has %d active and %d idle outgoing connections cached", t_downstreamTCPConnectionsManager.getActiveCount(), t_downstreamTCPConnectionsManager.getIdleCount()); + } + } + } + } + catch (const std::exception& e) { + errlog("Error in TCP worker thread: %s", e.what()); + } + } + } + catch (const std::exception& e) { + errlog("Fatal error in TCP worker thread: %s", e.what()); + } +} + +/* spawn as many of these as required, they call Accept on a socket on which they will accept queries, and + they will hand off to worker threads & spawn more of them if required +*/ +void tcpAcceptorThread(ClientState* cs) +{ + setThreadName("dnsdist/tcpAcce"); + + bool tcpClientCountIncremented = false; + ComboAddress remote; + remote.sin4.sin_family = cs->local.sin4.sin_family; + + auto acl = g_ACL.getLocal(); + for(;;) { + std::unique_ptr ci; + tcpClientCountIncremented = false; + try { + socklen_t remlen = remote.getSocklen(); + ci = std::make_unique(cs); +#ifdef HAVE_ACCEPT4 + ci->fd = accept4(cs->tcpFD, reinterpret_cast(&remote), &remlen, SOCK_NONBLOCK); +#else + ci->fd = accept(cs->tcpFD, reinterpret_cast(&remote), &remlen); +#endif + // will be decremented when the ConnectionInfo object is destroyed, no matter the reason + auto concurrentConnections = ++cs->tcpCurrentConnections; + if (cs->d_tcpConcurrentConnectionsLimit > 0 && concurrentConnections > cs->d_tcpConcurrentConnectionsLimit) { + continue; + } + + if (concurrentConnections > cs->tcpMaxConcurrentConnections.load()) { + cs->tcpMaxConcurrentConnections.store(concurrentConnections); + } + + if (ci->fd < 0) { + throw std::runtime_error((boost::format("accepting new connection on socket: %s") % stringerror()).str()); + } + + if (!acl->match(remote)) { + ++g_stats.aclDrops; + vinfolog("Dropped TCP connection from %s because of ACL", remote.toStringWithPort()); + continue; + } + +#ifndef HAVE_ACCEPT4 + if (!setNonBlocking(ci->fd)) { + continue; + } +#endif + setTCPNoDelay(ci->fd); // disable NAGLE + if (g_maxTCPQueuedConnections > 0 && g_tcpclientthreads->getQueuedCount() >= g_maxTCPQueuedConnections) { + vinfolog("Dropping TCP connection from %s because we have too many queued already", remote.toStringWithPort()); + continue; + } + + if (g_maxTCPConnectionsPerClient) { + auto tcpClientsCount = s_tcpClientsCount.lock(); + + if ((*tcpClientsCount)[remote] >= g_maxTCPConnectionsPerClient) { + vinfolog("Dropping TCP connection from %s because we have too many from this client already", remote.toStringWithPort()); + continue; + } + (*tcpClientsCount)[remote]++; + tcpClientCountIncremented = true; + } + + vinfolog("Got TCP connection from %s", remote.toStringWithPort()); + + ci->remote = remote; + if (!g_tcpclientthreads->passConnectionToThread(std::move(ci))) { + if (tcpClientCountIncremented) { + decrementTCPClientCount(remote); + } + } + } + catch (const std::exception& e) { + errlog("While reading a TCP question: %s", e.what()); + if (tcpClientCountIncremented) { + decrementTCPClientCount(remote); + } + } + catch (...){} + } +} diff --git a/dnsdist-tcp.hh b/dnsdist-tcp.hh new file mode 100644 index 0000000..1e896b4 --- /dev/null +++ b/dnsdist-tcp.hh @@ -0,0 +1,282 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include +#include "iputils.hh" +#include "dnsdist.hh" + +struct ConnectionInfo +{ + ConnectionInfo(ClientState* cs_) : + cs(cs_), fd(-1) + { + } + ConnectionInfo(ClientState* cs_, const ComboAddress remote_) : + remote(remote_), cs(cs_), fd(-1) + { + } + ConnectionInfo(ConnectionInfo&& rhs) : + remote(rhs.remote), cs(rhs.cs), fd(rhs.fd) + { + rhs.cs = nullptr; + rhs.fd = -1; + } + + ConnectionInfo(const ConnectionInfo& rhs) = delete; + ConnectionInfo& operator=(const ConnectionInfo& rhs) = delete; + + ConnectionInfo& operator=(ConnectionInfo&& rhs) + { + remote = rhs.remote; + cs = rhs.cs; + rhs.cs = nullptr; + fd = rhs.fd; + rhs.fd = -1; + return *this; + } + + ~ConnectionInfo() + { + if (fd != -1) { + close(fd); + fd = -1; + } + + if (cs) { + --cs->tcpCurrentConnections; + } + } + + ComboAddress remote; + ClientState* cs{nullptr}; + int fd{-1}; +}; + +struct InternalQuery +{ + InternalQuery() + { + } + + InternalQuery(PacketBuffer&& buffer, IDState&& state) : + d_idstate(std::move(state)), d_buffer(std::move(buffer)) + { + } + + InternalQuery(InternalQuery&& rhs) = default; + InternalQuery& operator=(InternalQuery&& rhs) = default; + + InternalQuery(const InternalQuery& rhs) = delete; + InternalQuery& operator=(const InternalQuery& rhs) = delete; + + bool isXFR() const + { + return d_idstate.qtype == QType::AXFR || d_idstate.qtype == QType::IXFR; + } + + IDState d_idstate; + std::string d_proxyProtocolPayload; + PacketBuffer d_buffer; + uint32_t d_proxyProtocolPayloadAddedSize{0}; + uint32_t d_xfrMasterSerial{0}; + uint32_t d_xfrSerialCount{0}; + uint32_t d_downstreamFailures{0}; + uint8_t d_xfrMasterSerialCount{0}; + bool d_xfrStarted{false}; + bool d_proxyProtocolPayloadAdded{false}; +}; + +using TCPQuery = InternalQuery; + +class ConnectionToBackend; + +struct TCPResponse : public TCPQuery +{ + TCPResponse() + { + /* let's make Coverity happy */ + memset(&d_cleartextDH, 0, sizeof(d_cleartextDH)); + } + + TCPResponse(PacketBuffer&& buffer, IDState&& state, std::shared_ptr conn) : + TCPQuery(std::move(buffer), std::move(state)), d_connection(conn) + { + memset(&d_cleartextDH, 0, sizeof(d_cleartextDH)); + } + + std::shared_ptr d_connection{nullptr}; + dnsheader d_cleartextDH; + bool d_selfGenerated{false}; +}; + +class TCPQuerySender +{ +public: + virtual ~TCPQuerySender() + { + } + + virtual bool active() const = 0; + virtual const ClientState* getClientState() const = 0; + virtual void handleResponse(const struct timeval& now, TCPResponse&& response) = 0; + virtual void handleXFRResponse(const struct timeval& now, TCPResponse&& response) = 0; + virtual void notifyIOError(IDState&& query, const struct timeval& now) = 0; + + /* whether the connection should be automatically released to the pool after handleResponse() + has been called */ + bool releaseConnection() const + { + return d_releaseConnection; + } + +protected: + bool d_releaseConnection{true}; +}; + +struct CrossProtocolQuery +{ + CrossProtocolQuery() + { + } + + CrossProtocolQuery(CrossProtocolQuery&& rhs) = delete; + virtual ~CrossProtocolQuery() + { + } + + virtual std::shared_ptr getTCPQuerySender() = 0; + + InternalQuery query; + std::shared_ptr downstream{nullptr}; + size_t proxyProtocolPayloadSize{0}; + bool isXFR{false}; +}; + +class TCPClientCollection +{ +public: + TCPClientCollection(size_t maxThreads); + + int getThread() + { + if (d_numthreads == 0) { + throw std::runtime_error("No TCP worker thread yet"); + } + + uint64_t pos = d_pos++; + ++d_queued; + return d_tcpclientthreads.at(pos % d_numthreads).d_newConnectionPipe.getHandle(); + } + + bool passConnectionToThread(std::unique_ptr&& conn) + { + if (d_numthreads == 0) { + throw std::runtime_error("No TCP worker thread yet"); + } + + uint64_t pos = d_pos++; + auto pipe = d_tcpclientthreads.at(pos % d_numthreads).d_newConnectionPipe.getHandle(); + auto tmp = conn.release(); + + if (write(pipe, &tmp, sizeof(tmp)) != sizeof(tmp)) { + ++g_stats.tcpQueryPipeFull; + delete tmp; + tmp = nullptr; + return false; + } + ++d_queued; + return true; + } + + bool passCrossProtocolQueryToThread(std::unique_ptr&& cpq) + { + if (d_numthreads == 0) { + throw std::runtime_error("No TCP worker thread yet"); + } + + uint64_t pos = d_pos++; + auto pipe = d_tcpclientthreads.at(pos % d_numthreads).d_crossProtocolQueriesPipe.getHandle(); + auto tmp = cpq.release(); + + if (write(pipe, &tmp, sizeof(tmp)) != sizeof(tmp)) { + ++g_stats.tcpCrossProtocolQueryPipeFull; + delete tmp; + tmp = nullptr; + return false; + } + + return true; + } + + bool hasReachedMaxThreads() const + { + return d_numthreads >= d_maxthreads; + } + + uint64_t getThreadsCount() const + { + return d_numthreads; + } + + uint64_t getQueuedCount() const + { + return d_queued; + } + + void decrementQueuedCount() + { + --d_queued; + } + +private: + void addTCPClientThread(); + + struct TCPWorkerThread + { + TCPWorkerThread() + { + } + + TCPWorkerThread(int newConnPipe, int crossProtocolQueriesPipe, int crossProtocolResponsesPipe) : + d_newConnectionPipe(newConnPipe), d_crossProtocolQueriesPipe(crossProtocolQueriesPipe), d_crossProtocolResponsesPipe(crossProtocolResponsesPipe) + { + } + + TCPWorkerThread(TCPWorkerThread&& rhs) = default; + TCPWorkerThread& operator=(TCPWorkerThread&& rhs) = default; + TCPWorkerThread(const TCPWorkerThread& rhs) = delete; + TCPWorkerThread& operator=(const TCPWorkerThread&) = delete; + + FDWrapper d_newConnectionPipe; + FDWrapper d_crossProtocolQueriesPipe; + FDWrapper d_crossProtocolResponsesPipe; + }; + + std::vector d_tcpclientthreads; + stat_t d_numthreads{0}; + stat_t d_pos{0}; + stat_t d_queued{0}; + const uint64_t d_maxthreads{0}; +}; + +extern std::unique_ptr g_tcpclientthreads; diff --git a/dnsdist-web.cc b/dnsdist-web.cc new file mode 100644 index 0000000..8a25058 --- /dev/null +++ b/dnsdist-web.cc @@ -0,0 +1,1577 @@ +/* + * This file is part of PowerDNS or dnsdist. + * Copyright -- PowerDNS.COM B.V. and its contributors + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * In addition, for the avoidance of any doubt, permission is granted to + * link this program with OpenSSL and to (re)distribute the binaries + * produced as the result of such linking. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#include +#include +#include +#include +#include + +#include "ext/json11/json11.hpp" +#include + +#include "base64.hh" +#include "connection-management.hh" +#include "dnsdist.hh" +#include "dnsdist-dynblocks.hh" +#include "dnsdist-healthchecks.hh" +#include "dnsdist-prometheus.hh" +#include "dnsdist-web.hh" +#include "dolog.hh" +#include "gettime.hh" +#include "htmlfiles.h" +#include "threadname.hh" +#include "sodcrypto.hh" +#include "sstuff.hh" + +struct WebserverConfig +{ + WebserverConfig() + { + acl.toMasks("127.0.0.1, ::1"); + } + + NetmaskGroup acl; + std::unique_ptr password; + std::unique_ptr apiKey; + boost::optional > customHeaders; + bool statsRequireAuthentication{true}; +}; + +bool g_apiReadWrite{false}; +LockGuarded g_webserverConfig; +std::string g_apiConfigDirectory; +static const MetricDefinitionStorage s_metricDefinitions; + +static ConcurrentConnectionManager s_connManager(100); + +std::string getWebserverConfig() +{ + ostringstream out; + + { + auto config = g_webserverConfig.lock(); + out << "Current web server configuration:" << endl; + out << "ACL: " << config->acl.toString() << endl; + out << "Custom headers: "; + if (config->customHeaders) { + out << endl; + for (const auto& header : *config->customHeaders) { + out << " - " << header.first << ": " << header.second << endl; + } + } + else { + out << "None" << endl; + } + out << "Statistics require authentication: " << (config->statsRequireAuthentication ? "yes" : "no") << endl; + out << "Password: " << (config->password ? "set" : "unset") << endl; + out << "API key: " << (config->apiKey ? "set" : "unset") << endl; + } + out << "API writable: " << (g_apiReadWrite ? "yes" : "no") << endl; + out << "API configuration directory: " << g_apiConfigDirectory << endl; + out << "Maximum concurrent connections: " << s_connManager.getMaxConcurrentConnections() << endl; + + return out.str(); +} + +class WebClientConnection +{ +public: + WebClientConnection(const ComboAddress& client, int fd): d_client(client), d_socket(fd) + { + if (!s_connManager.registerConnection()) { + throw std::runtime_error("Too many concurrent web client connections"); + } + } + WebClientConnection(WebClientConnection&& rhs): d_client(rhs.d_client), d_socket(std::move(rhs.d_socket)) + { + } + + WebClientConnection(const WebClientConnection&) = delete; + WebClientConnection& operator=(const WebClientConnection&) = delete; + + ~WebClientConnection() + { + if (d_socket.getHandle() != -1) { + s_connManager.releaseConnection(); + } + } + + const Socket& getSocket() const + { + return d_socket; + } + + const ComboAddress& getClient() const + { + return d_client; + } + +private: + ComboAddress d_client; + Socket d_socket; +}; + +const std::map MetricDefinitionStorage::metrics{ + { "responses", MetricDefinition(PrometheusMetricType::counter, "Number of responses received from backends") }, + { "servfail-responses", MetricDefinition(PrometheusMetricType::counter, "Number of SERVFAIL answers received from backends") }, + { "queries", MetricDefinition(PrometheusMetricType::counter, "Number of received queries")}, + { "frontend-nxdomain", MetricDefinition(PrometheusMetricType::counter, "Number of NXDomain answers sent to clients")}, + { "frontend-servfail", MetricDefinition(PrometheusMetricType::counter, "Number of SERVFAIL answers sent to clients")}, + { "frontend-noerror", MetricDefinition(PrometheusMetricType::counter, "Number of NoError answers sent to clients")}, + { "acl-drops", MetricDefinition(PrometheusMetricType::counter, "Number of packets dropped because of the ACL")}, + { "rule-drop", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because of a rule")}, + { "rule-nxdomain", MetricDefinition(PrometheusMetricType::counter, "Number of NXDomain answers returned because of a rule")}, + { "rule-refused", MetricDefinition(PrometheusMetricType::counter, "Number of Refused answers returned because of a rule")}, + { "rule-servfail", MetricDefinition(PrometheusMetricType::counter, "Number of SERVFAIL answers received because of a rule")}, + { "rule-truncated", MetricDefinition(PrometheusMetricType::counter, "Number of truncated answers returned because of a rule")}, + { "self-answered", MetricDefinition(PrometheusMetricType::counter, "Number of self-answered responses")}, + { "downstream-timeouts", MetricDefinition(PrometheusMetricType::counter, "Number of queries not answered in time by a backend")}, + { "downstream-send-errors", MetricDefinition(PrometheusMetricType::counter, "Number of errors when sending a query to a backend")}, + { "trunc-failures", MetricDefinition(PrometheusMetricType::counter, "Number of errors encountered while truncating an answer")}, + { "no-policy", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because no server was available")}, + { "latency0-1", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in less than 1ms")}, + { "latency1-10", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in 1-10 ms")}, + { "latency10-50", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in 10-50 ms")}, + { "latency50-100", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in 50-100 ms")}, + { "latency100-1000", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in 100-1000 ms")}, + { "latency-slow", MetricDefinition(PrometheusMetricType::counter, "Number of queries answered in more than 1 second")}, + { "latency-avg100", MetricDefinition(PrometheusMetricType::gauge, "Average response latency in microseconds of the last 100 packets")}, + { "latency-avg1000", MetricDefinition(PrometheusMetricType::gauge, "Average response latency in microseconds of the last 1000 packets")}, + { "latency-avg10000", MetricDefinition(PrometheusMetricType::gauge, "Average response latency in microseconds of the last 10000 packets")}, + { "latency-avg1000000", MetricDefinition(PrometheusMetricType::gauge, "Average response latency in microseconds of the last 1000000 packets")}, + { "uptime", MetricDefinition(PrometheusMetricType::gauge, "Uptime of the dnsdist process in seconds")}, + { "real-memory-usage", MetricDefinition(PrometheusMetricType::gauge, "Current memory usage in bytes")}, + { "noncompliant-queries", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped as non-compliant")}, + { "noncompliant-responses", MetricDefinition(PrometheusMetricType::counter, "Number of answers from a backend dropped as non-compliant")}, + { "rdqueries", MetricDefinition(PrometheusMetricType::counter, "Number of received queries with the recursion desired bit set")}, + { "empty-queries", MetricDefinition(PrometheusMetricType::counter, "Number of empty queries received from clients")}, + { "cache-hits", MetricDefinition(PrometheusMetricType::counter, "Number of times an answer was retrieved from cache")}, + { "cache-misses", MetricDefinition(PrometheusMetricType::counter, "Number of times an answer not found in the cache")}, + { "cpu-iowait", MetricDefinition(PrometheusMetricType::counter, "Time waiting for I/O to complete by the whole system, in units of USER_HZ")}, + { "cpu-user-msec", MetricDefinition(PrometheusMetricType::counter, "Milliseconds spent by dnsdist in the user state")}, + { "cpu-steal", MetricDefinition(PrometheusMetricType::counter, "Stolen time, which is the time spent by the whole system in other operating systems when running in a virtualized environment, in units of USER_HZ")}, + { "cpu-sys-msec", MetricDefinition(PrometheusMetricType::counter, "Milliseconds spent by dnsdist in the system state")}, + { "fd-usage", MetricDefinition(PrometheusMetricType::gauge, "Number of currently used file descriptors")}, + { "dyn-blocked", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because of a dynamic block")}, + { "dyn-block-nmg-size", MetricDefinition(PrometheusMetricType::gauge, "Number of dynamic blocks entries") }, + { "security-status", MetricDefinition(PrometheusMetricType::gauge, "Security status of this software. 0=unknown, 1=OK, 2=upgrade recommended, 3=upgrade mandatory") }, + { "doh-query-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of DoH queries dropped because the internal pipe used to distribute queries was full") }, + { "doh-response-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of DoH responses dropped because the internal pipe used to distribute responses was full") }, + { "outgoing-doh-query-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of outgoing DoH queries dropped because the internal pipe used to distribute queries was full") }, + { "tcp-query-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of TCP queries dropped because the internal pipe used to distribute queries was full") }, + { "tcp-cross-protocol-query-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of TCP cross-protocol queries dropped because the internal pipe used to distribute queries was full") }, + { "tcp-cross-protocol-response-pipe-full", MetricDefinition(PrometheusMetricType::counter, "Number of TCP cross-protocol responses dropped because the internal pipe used to distribute queries was full") }, + { "udp-in-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp InErrors") }, + { "udp-noport-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp NoPorts") }, + { "udp-recvbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp RcvbufErrors") }, + { "udp-sndbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp SndbufErrors") }, + { "udp-in-csum-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp InCsumErrors") }, + { "udp6-in-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp6 Udp6InErrors") }, + { "udp6-recvbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp6 Udp6RcvbufErrors") }, + { "udp6-sndbuf-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp6 Udp6SndbufErrors") }, + { "udp6-noport-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp6 Udp6NoPorts") }, + { "udp6-in-csum-errors", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/snmp6 Udp6InCsumErrors") }, + { "tcp-listen-overflows", MetricDefinition(PrometheusMetricType::counter, "From /proc/net/netstat ListenOverflows") }, + { "proxy-protocol-invalid", MetricDefinition(PrometheusMetricType::counter, "Number of queries dropped because of an invalid Proxy Protocol header") }, +}; + +static bool apiWriteConfigFile(const string& filebasename, const string& content) +{ + if (!g_apiReadWrite) { + errlog("Not writing content to %s since the API is read-only", filebasename); + return false; + } + + if (g_apiConfigDirectory.empty()) { + vinfolog("Not writing content to %s since the API configuration directory is not set", filebasename); + return false; + } + + string filename = g_apiConfigDirectory + "/" + filebasename + ".conf"; + ofstream ofconf(filename.c_str()); + if (!ofconf) { + errlog("Could not open configuration fragment file '%s' for writing: %s", filename, stringerror()); + return false; + } + ofconf << "-- Generated by the REST API, DO NOT EDIT" << endl; + ofconf << content << endl; + ofconf.close(); + return true; +} + +static void apiSaveACL(const NetmaskGroup& nmg) +{ + vector vec; + nmg.toStringVector(&vec); + + string acl; + for(const auto& s : vec) { + if (!acl.empty()) { + acl += ", "; + } + acl += "\"" + s + "\""; + } + + string content = "setACL({" + acl + "})"; + apiWriteConfigFile("acl", content); +} + +static bool checkAPIKey(const YaHTTP::Request& req, const std::unique_ptr& apiKey) +{ + if (!apiKey) { + return false; + } + + const auto header = req.headers.find("x-api-key"); + if (header != req.headers.end()) { + return apiKey->matches(header->second); + } + + return false; +} + +static bool checkWebPassword(const YaHTTP::Request& req, const std::unique_ptr& password) +{ + static const char basicStr[] = "basic "; + + const auto header = req.headers.find("authorization"); + + if (header != req.headers.end() && toLower(header->second).find(basicStr) == 0) { + string cookie = header->second.substr(sizeof(basicStr) - 1); + + string plain; + B64Decode(cookie, plain); + + vector cparts; + stringtok(cparts, plain, ":"); + + if (cparts.size() == 2) { + if (password) { + return password->matches(cparts.at(1)); + } + return true; + } + } + + return false; +} + +static bool isAnAPIRequest(const YaHTTP::Request& req) +{ + return req.url.path.find("/api/") == 0; +} + +static bool isAnAPIRequestAllowedWithWebAuth(const YaHTTP::Request& req) +{ + return req.url.path == "/api/v1/servers/localhost"; +} + +static bool isAStatsRequest(const YaHTTP::Request& req) +{ + return req.url.path == "/jsonstat" || req.url.path == "/metrics"; +} + +static bool handleAuthorization(const YaHTTP::Request& req) +{ + auto config = g_webserverConfig.lock(); + + if (isAStatsRequest(req)) { + if (config->statsRequireAuthentication) { + /* Access to the stats is allowed for both API and Web users */ + return checkAPIKey(req, config->apiKey) || checkWebPassword(req, config->password); + } + return true; + } + + if (isAnAPIRequest(req)) { + /* Access to the API requires a valid API key */ + if (checkAPIKey(req, config->apiKey)) { + return true; + } + + return isAnAPIRequestAllowedWithWebAuth(req) && checkWebPassword(req, config->password); + } + + return checkWebPassword(req, config->password); +} + +static bool isMethodAllowed(const YaHTTP::Request& req) +{ + if (req.method == "GET") { + return true; + } + if (req.method == "PUT" && g_apiReadWrite) { + if (req.url.path == "/api/v1/servers/localhost/config/allow-from") { + return true; + } + } + return false; +} + +static bool isClientAllowedByACL(const ComboAddress& remote) +{ + return g_webserverConfig.lock()->acl.match(remote); +} + +static void handleCORS(const YaHTTP::Request& req, YaHTTP::Response& resp) +{ + const auto origin = req.headers.find("Origin"); + if (origin != req.headers.end()) { + if (req.method == "OPTIONS") { + /* Pre-flight request */ + if (g_apiReadWrite) { + resp.headers["Access-Control-Allow-Methods"] = "GET, PUT"; + } + else { + resp.headers["Access-Control-Allow-Methods"] = "GET"; + } + resp.headers["Access-Control-Allow-Headers"] = "Authorization, X-API-Key"; + } + + resp.headers["Access-Control-Allow-Origin"] = origin->second; + + if (isAStatsRequest(req) || isAnAPIRequestAllowedWithWebAuth(req)) { + resp.headers["Access-Control-Allow-Credentials"] = "true"; + } + } +} + +static void addSecurityHeaders(YaHTTP::Response& resp, const boost::optional >& customHeaders) +{ + static const std::vector > headers = { + { "X-Content-Type-Options", "nosniff" }, + { "X-Frame-Options", "deny" }, + { "X-Permitted-Cross-Domain-Policies", "none" }, + { "X-XSS-Protection", "1; mode=block" }, + { "Content-Security-Policy", "default-src 'self'; style-src 'self' 'unsafe-inline'" }, + }; + + for (const auto& h : headers) { + if (customHeaders) { + const auto& custom = customHeaders->find(h.first); + if (custom != customHeaders->end()) { + continue; + } + } + resp.headers[h.first] = h.second; + } +} + +static void addCustomHeaders(YaHTTP::Response& resp, const boost::optional >& customHeaders) +{ + if (!customHeaders) + return; + + for (const auto& c : *customHeaders) { + if (!c.second.empty()) { + resp.headers[c.first] = c.second; + } + } +} + +template +static json11::Json::array someResponseRulesToJson(GlobalStateHolder>* someResponseRules) +{ + using namespace json11; + Json::array responseRules; + int num=0; + auto localResponseRules = someResponseRules->getLocal(); + for(const auto& a : *localResponseRules) { + Json::object rule{ + {"id", num++}, + {"creationOrder", (double)a.d_creationOrder}, + {"uuid", boost::uuids::to_string(a.d_id)}, + {"name", a.d_name}, + {"matches", (double)a.d_rule->d_matches}, + {"rule", a.d_rule->toString()}, + {"action", a.d_action->toString()}, + }; + responseRules.push_back(rule); + } + return responseRules; +} + +template +static void addRulesToPrometheusOutput(std::ostringstream& output, GlobalStateHolder >& rules) +{ + auto localRules = rules.getLocal(); + for (const auto& entry : *localRules) { + std::string id = !entry.d_name.empty() ? entry.d_name : boost::uuids::to_string(entry.d_id); + output << "dnsdist_rule_hits{id=\"" << id << "\"} " << entry.d_rule->d_matches << "\n"; + } +} + +static void handlePrometheus(const YaHTTP::Request& req, YaHTTP::Response& resp) +{ + handleCORS(req, resp); + resp.status = 200; + + std::ostringstream output; + static const std::set metricBlacklist = { "latency-count", "latency-sum" }; + for (const auto& e : g_stats.entries) { + if (e.first == "special-memory-usage") + continue; // Too expensive for get-all + std::string metricName = std::get<0>(e); + + // Prometheus suggest using '_' instead of '-' + std::string prometheusMetricName = "dnsdist_" + boost::replace_all_copy(metricName, "-", "_"); + if (metricBlacklist.count(metricName) != 0) { + continue; + } + + MetricDefinition metricDetails; + if (!s_metricDefinitions.getMetricDetails(metricName, metricDetails)) { + vinfolog("Do not have metric details for %s", metricName); + continue; + } + + std::string prometheusTypeName = s_metricDefinitions.getPrometheusStringMetricType(metricDetails.prometheusType); + + if (prometheusTypeName == "") { + vinfolog("Unknown Prometheus type for %s", metricName); + continue; + } + + // for these we have the help and types encoded in the sources: + output << "# HELP " << prometheusMetricName << " " << metricDetails.description << "\n"; + output << "# TYPE " << prometheusMetricName << " " << prometheusTypeName << "\n"; + output << prometheusMetricName << " "; + + if (const auto& val = boost::get(&std::get<1>(e))) + output << (*val)->load(); + else if (const auto& dval = boost::get(&std::get<1>(e))) + output << **dval; + else + output << (*boost::get(&std::get<1>(e)))(std::get<0>(e)); + + output << "\n"; + } + + // Latency histogram buckets + output << "# HELP dnsdist_latency Histogram of responses by latency (in milliseconds)\n"; + output << "# TYPE dnsdist_latency histogram\n"; + uint64_t latency_amounts = g_stats.latency0_1; + output << "dnsdist_latency_bucket{le=\"1\"} " << latency_amounts << "\n"; + latency_amounts += g_stats.latency1_10; + output << "dnsdist_latency_bucket{le=\"10\"} " << latency_amounts << "\n"; + latency_amounts += g_stats.latency10_50; + output << "dnsdist_latency_bucket{le=\"50\"} " << latency_amounts << "\n"; + latency_amounts += g_stats.latency50_100; + output << "dnsdist_latency_bucket{le=\"100\"} " << latency_amounts << "\n"; + latency_amounts += g_stats.latency100_1000; + output << "dnsdist_latency_bucket{le=\"1000\"} " << latency_amounts << "\n"; + latency_amounts += g_stats.latencySlow; // Should be the same as latency_count + output << "dnsdist_latency_bucket{le=\"+Inf\"} " << latency_amounts << "\n"; + output << "dnsdist_latency_sum " << g_stats.latencySum << "\n"; + output << "dnsdist_latency_count " << g_stats.latencyCount << "\n"; + + auto states = g_dstates.getLocal(); + const string statesbase = "dnsdist_server_"; + + output << "# HELP " << statesbase << "status " << "Whether this backend is up (1) or down (0)" << "\n"; + output << "# TYPE " << statesbase << "status " << "gauge" << "\n"; + output << "# HELP " << statesbase << "queries " << "Amount of queries relayed to server" << "\n"; + output << "# TYPE " << statesbase << "queries " << "counter" << "\n"; + output << "# HELP " << statesbase << "responses " << "Amount of responses received from this server" << "\n"; + output << "# TYPE " << statesbase << "responses " << "counter" << "\n"; + output << "# HELP " << statesbase << "drops " << "Amount of queries not answered by server" << "\n"; + output << "# TYPE " << statesbase << "drops " << "counter" << "\n"; + output << "# HELP " << statesbase << "latency " << "Server's latency when answering questions in milliseconds" << "\n"; + output << "# TYPE " << statesbase << "latency " << "gauge" << "\n"; + output << "# HELP " << statesbase << "senderrors " << "Total number of OS send errors while relaying queries" << "\n"; + output << "# TYPE " << statesbase << "senderrors " << "counter" << "\n"; + output << "# HELP " << statesbase << "outstanding " << "Current number of queries that are waiting for a backend response" << "\n"; + output << "# TYPE " << statesbase << "outstanding " << "gauge" << "\n"; + output << "# HELP " << statesbase << "order " << "The order in which this server is picked" << "\n"; + output << "# TYPE " << statesbase << "order " << "gauge" << "\n"; + output << "# HELP " << statesbase << "weight " << "The weight within the order in which this server is picked" << "\n"; + output << "# TYPE " << statesbase << "weight " << "gauge" << "\n"; + output << "# HELP " << statesbase << "tcpdiedsendingquery " << "The number of TCP I/O errors while sending the query" << "\n"; + output << "# TYPE " << statesbase << "tcpdiedsendingquery " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpdiedreadingresponse " << "The number of TCP I/O errors while reading the response" << "\n"; + output << "# TYPE " << statesbase << "tcpdiedreadingresponse " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpgaveup " << "The number of TCP connections failing after too many attempts" << "\n"; + output << "# TYPE " << statesbase << "tcpgaveup " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpconnecttimeouts " << "The number of TCP connect timeouts" << "\n"; + output << "# TYPE " << statesbase << "tcpconnecttimeouts " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpreadtimeouts " << "The number of TCP read timeouts" << "\n"; + output << "# TYPE " << statesbase << "tcpreadtimeouts " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpwritetimeouts " << "The number of TCP write timeouts" << "\n"; + output << "# TYPE " << statesbase << "tcpwritetimeouts " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpcurrentconnections " << "The number of current TCP connections" << "\n"; + output << "# TYPE " << statesbase << "tcpcurrentconnections " << "gauge" << "\n"; + output << "# HELP " << statesbase << "tcpmaxconcurrentconnections " << "The maximum number of concurrent TCP connections" << "\n"; + output << "# TYPE " << statesbase << "tcpmaxconcurrentconnections " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpnewconnections " << "The number of established TCP connections in total" << "\n"; + output << "# TYPE " << statesbase << "tcpnewconnections " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpreusedconnections " << "The number of times a TCP connection has been reused" << "\n"; + output << "# TYPE " << statesbase << "tcpreusedconnections " << "counter" << "\n"; + output << "# HELP " << statesbase << "tcpavgqueriesperconn " << "The average number of queries per TCP connection" << "\n"; + output << "# TYPE " << statesbase << "tcpavgqueriesperconn " << "gauge" << "\n"; + output << "# HELP " << statesbase << "tcpavgconnduration " << "The average duration of a TCP connection (ms)" << "\n"; + output << "# TYPE " << statesbase << "tcpavgconnduration " << "gauge" << "\n"; + output << "# HELP " << statesbase << "tlsresumptions " << "The number of times a TLS session has been resumed" << "\n"; + output << "# TYPE " << statesbase << "tlsersumptions " << "counter" << "\n"; + + for (const auto& state : *states) { + string serverName; + + if (state->getName().empty()) + serverName = state->remote.toStringWithPort(); + else + serverName = state->getName(); + + boost::replace_all(serverName, ".", "_"); + + const std::string label = boost::str(boost::format("{server=\"%1%\",address=\"%2%\"}") + % serverName % state->remote.toStringWithPort()); + + output << statesbase << "status" << label << " " << (state->isUp() ? "1" : "0") << "\n"; + output << statesbase << "queries" << label << " " << state->queries.load() << "\n"; + output << statesbase << "responses" << label << " " << state->responses.load() << "\n"; + output << statesbase << "drops" << label << " " << state->reuseds.load() << "\n"; + if (state->isUp()) + output << statesbase << "latency" << label << " " << state->latencyUsec/1000.0 << "\n"; + output << statesbase << "senderrors" << label << " " << state->sendErrors.load() << "\n"; + output << statesbase << "outstanding" << label << " " << state->outstanding.load() << "\n"; + output << statesbase << "order" << label << " " << state->order << "\n"; + output << statesbase << "weight" << label << " " << state->weight << "\n"; + output << statesbase << "tcpdiedsendingquery" << label << " " << state->tcpDiedSendingQuery << "\n"; + output << statesbase << "tcpdiedreadingresponse" << label << " " << state->tcpDiedReadingResponse << "\n"; + output << statesbase << "tcpgaveup" << label << " " << state->tcpGaveUp << "\n"; + output << statesbase << "tcpreadtimeouts" << label << " " << state->tcpReadTimeouts << "\n"; + output << statesbase << "tcpwritetimeouts" << label << " " << state->tcpWriteTimeouts << "\n"; + output << statesbase << "tcpconnecttimeouts" << label << " " << state->tcpConnectTimeouts << "\n"; + output << statesbase << "tcpcurrentconnections" << label << " " << state->tcpCurrentConnections << "\n"; + output << statesbase << "tcpmaxconcurrentconnections" << label << " " << state->tcpMaxConcurrentConnections << "\n"; + output << statesbase << "tcpnewconnections" << label << " " << state->tcpNewConnections << "\n"; + output << statesbase << "tcpreusedconnections" << label << " " << state->tcpReusedConnections << "\n"; + output << statesbase << "tcpavgqueriesperconn" << label << " " << state->tcpAvgQueriesPerConnection << "\n"; + output << statesbase << "tcpavgconnduration" << label << " " << state->tcpAvgConnectionDuration << "\n"; + output << statesbase << "tlsresumptions" << label << " " << state->tlsResumptions << "\n"; + } + + const string frontsbase = "dnsdist_frontend_"; + output << "# HELP " << frontsbase << "queries " << "Amount of queries received by this frontend" << "\n"; + output << "# TYPE " << frontsbase << "queries " << "counter" << "\n"; + output << "# HELP " << frontsbase << "responses " << "Amount of responses sent by this frontend" << "\n"; + output << "# TYPE " << frontsbase << "responses " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpdiedreadingquery " << "Amount of TCP connections terminated while reading the query from the client" << "\n"; + output << "# TYPE " << frontsbase << "tcpdiedreadingquery " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpdiedsendingresponse " << "Amount of TCP connections terminated while sending a response to the client" << "\n"; + output << "# TYPE " << frontsbase << "tcpdiedsendingresponse " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpgaveup " << "Amount of TCP connections terminated after too many attempts to get a connection to the backend" << "\n"; + output << "# TYPE " << frontsbase << "tcpgaveup " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpclientimeouts " << "Amount of TCP connections terminated by a timeout while reading from the client" << "\n"; + output << "# TYPE " << frontsbase << "tcpclientimeouts " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpdownstreamtimeouts " << "Amount of TCP connections terminated by a timeout while reading from the backend" << "\n"; + output << "# TYPE " << frontsbase << "tcpdownstreamtimeouts " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpcurrentconnections " << "Amount of current incoming TCP connections from clients" << "\n"; + output << "# TYPE " << frontsbase << "tcpcurrentconnections " << "gauge" << "\n"; + output << "# HELP " << frontsbase << "tcpmaxconcurrentconnections " << "Maximum number of concurrent incoming TCP connections from clients" << "\n"; + output << "# TYPE " << frontsbase << "tcpmaxconcurrentconnections " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tcpavgqueriesperconnection " << "The average number of queries per TCP connection" << "\n"; + output << "# TYPE " << frontsbase << "tcpavgqueriesperconnection " << "gauge" << "\n"; + output << "# HELP " << frontsbase << "tcpavgconnectionduration " << "The average duration of a TCP connection (ms)" << "\n"; + output << "# TYPE " << frontsbase << "tcpavgconnectionduration " << "gauge" << "\n"; + output << "# HELP " << frontsbase << "tlsqueries " << "Number of queries received by dnsdist over TLS, by TLS version" << "\n"; + output << "# TYPE " << frontsbase << "tlsqueries " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tlsnewsessions " << "Amount of new TLS sessions negotiated" << "\n"; + output << "# TYPE " << frontsbase << "tlsnewsessions " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tlsresumptions " << "Amount of TLS sessions resumed" << "\n"; + output << "# TYPE " << frontsbase << "tlsresumptions " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tlsunknownticketkeys " << "Amount of attempts to resume TLS session from an unknown key (possibly expired)" << "\n"; + output << "# TYPE " << frontsbase << "tlsunknownticketkeys " << "counter" << "\n"; + output << "# HELP " << frontsbase << "tlsinactiveticketkeys " << "Amount of TLS sessions resumed from an inactive key" << "\n"; + output << "# TYPE " << frontsbase << "tlsinactiveticketkeys " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "tlshandshakefailures " << "Amount of TLS handshake failures" << "\n"; + output << "# TYPE " << frontsbase << "tlshandshakefailures " << "counter" << "\n"; + + std::map frontendDuplicates; + for (const auto& front : g_frontends) { + if (front->udpFD == -1 && front->tcpFD == -1) + continue; + + const string frontName = front->local.toStringWithPort(); + const string proto = front->getType(); + const string fullName = frontName + "_" + proto; + uint64_t threadNumber = 0; + auto dupPair = frontendDuplicates.insert({fullName, 1}); + if (!dupPair.second) { + threadNumber = dupPair.first->second; + ++(dupPair.first->second); + } + const std::string label = boost::str(boost::format("{frontend=\"%1%\",proto=\"%2%\",thread=\"%3%\"} ") + % frontName % proto % threadNumber); + + output << frontsbase << "queries" << label << front->queries.load() << "\n"; + output << frontsbase << "responses" << label << front->responses.load() << "\n"; + if (front->isTCP()) { + output << frontsbase << "tcpdiedreadingquery" << label << front->tcpDiedReadingQuery.load() << "\n"; + output << frontsbase << "tcpdiedsendingresponse" << label << front->tcpDiedSendingResponse.load() << "\n"; + output << frontsbase << "tcpgaveup" << label << front->tcpGaveUp.load() << "\n"; + output << frontsbase << "tcpclientimeouts" << label << front->tcpClientTimeouts.load() << "\n"; + output << frontsbase << "tcpdownstreamtimeouts" << label << front->tcpDownstreamTimeouts.load() << "\n"; + output << frontsbase << "tcpcurrentconnections" << label << front->tcpCurrentConnections.load() << "\n"; + output << frontsbase << "tcpmaxconcurrentconnections" << label << front->tcpMaxConcurrentConnections.load() << "\n"; + output << frontsbase << "tcpavgqueriesperconnection" << label << front->tcpAvgQueriesPerConnection.load() << "\n"; + output << frontsbase << "tcpavgconnectionduration" << label << front->tcpAvgConnectionDuration.load() << "\n"; + if (front->hasTLS()) { + output << frontsbase << "tlsnewsessions" << label << front->tlsNewSessions.load() << "\n"; + output << frontsbase << "tlsresumptions" << label << front->tlsResumptions.load() << "\n"; + output << frontsbase << "tlsunknownticketkeys" << label << front->tlsUnknownTicketKey.load() << "\n"; + output << frontsbase << "tlsinactiveticketkeys" << label << front->tlsInactiveTicketKey.load() << "\n"; + + output << frontsbase << "tlsqueries{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",tls=\"tls10\"} " << front->tls10queries.load() << "\n"; + output << frontsbase << "tlsqueries{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",tls=\"tls11\"} " << front->tls11queries.load() << "\n"; + output << frontsbase << "tlsqueries{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",tls=\"tls12\"} " << front->tls12queries.load() << "\n"; + output << frontsbase << "tlsqueries{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",tls=\"tls13\"} " << front->tls13queries.load() << "\n"; + output << frontsbase << "tlsqueries{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",tls=\"unknown\"} " << front->tlsUnknownqueries.load() << "\n"; + + const TLSErrorCounters* errorCounters = nullptr; + if (front->tlsFrontend != nullptr) { + errorCounters = &front->tlsFrontend->d_tlsCounters; + } + else if (front->dohFrontend != nullptr) { + errorCounters = &front->dohFrontend->d_tlsCounters; + } + + if (errorCounters != nullptr) { + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"dhKeyTooSmall\"} " << errorCounters->d_dhKeyTooSmall << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"inappropriateFallBack\"} " << errorCounters->d_inappropriateFallBack << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"noSharedCipher\"} " << errorCounters->d_noSharedCipher << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"unknownCipherType\"} " << errorCounters->d_unknownCipherType << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"unknownKeyExchangeType\"} " << errorCounters->d_unknownKeyExchangeType << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"unknownProtocol\"} " << errorCounters->d_unknownProtocol << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"unsupportedEC\"} " << errorCounters->d_unsupportedEC << "\n"; + output << frontsbase << "tlshandshakefailures{frontend=\"" << frontName << "\",proto=\"" << proto << "\",thread=\"" << threadNumber << "\",error=\"unsupportedProtocol\"} " << errorCounters->d_unsupportedProtocol << "\n"; + } + } + } + } + + output << "# HELP " << frontsbase << "http_connects " << "Number of DoH TCP connections established to this frontend" << "\n"; + output << "# TYPE " << frontsbase << "http_connects " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "doh_http_method_queries " << "Number of DoH queries received by dnsdist, by HTTP method" << "\n"; + output << "# TYPE " << frontsbase << "doh_http_method_queries " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "doh_http_version_queries " << "Number of DoH queries received by dnsdist, by HTTP version" << "\n"; + output << "# TYPE " << frontsbase << "doh_http_version_queries " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "doh_bad_requests " << "Number of requests that could not be converted to a DNS query" << "\n"; + output << "# TYPE " << frontsbase << "doh_bad_requests " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "doh_responses " << "Number of responses sent, by type" << "\n"; + output << "# TYPE " << frontsbase << "doh_responses " << "counter" << "\n"; + + output << "# HELP " << frontsbase << "doh_version_status_responses " << "Number of requests that could not be converted to a DNS query" << "\n"; + output << "# TYPE " << frontsbase << "doh_version_status_responses " << "counter" << "\n"; + +#ifdef HAVE_DNS_OVER_HTTPS + std::map dohFrontendDuplicates; + for(const auto& doh : g_dohlocals) { + const string frontName = doh->d_local.toStringWithPort(); + uint64_t threadNumber = 0; + auto dupPair = frontendDuplicates.insert({frontName, 1}); + if (!dupPair.second) { + threadNumber = dupPair.first->second; + ++(dupPair.first->second); + } + const std::string addrlabel = boost::str(boost::format("frontend=\"%1%\",thread=\"%2%\"") % frontName % threadNumber); + const std::string label = "{" + addrlabel + "} "; + + output << frontsbase << "http_connects" << label << doh->d_httpconnects << "\n"; + output << frontsbase << "doh_http_method_queries{method=\"get\"," << addrlabel << "} " << doh->d_getqueries << "\n"; + output << frontsbase << "doh_http_method_queries{method=\"post\"," << addrlabel << "} " << doh->d_postqueries << "\n"; + + output << frontsbase << "doh_http_version_queries{version=\"1\"," << addrlabel << "} " << doh->d_http1Stats.d_nbQueries << "\n"; + output << frontsbase << "doh_http_version_queries{version=\"2\"," << addrlabel << "} " << doh->d_http2Stats.d_nbQueries << "\n"; + + output << frontsbase << "doh_bad_requests{" << addrlabel << "} " << doh->d_badrequests << "\n"; + + output << frontsbase << "doh_responses{type=\"error\"," << addrlabel << "} " << doh->d_errorresponses << "\n"; + output << frontsbase << "doh_responses{type=\"redirect\"," << addrlabel << "} " << doh->d_redirectresponses << "\n"; + output << frontsbase << "doh_responses{type=\"valid\"," << addrlabel << "} " << doh->d_validresponses << "\n"; + + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"200\"," << addrlabel << "} " << doh->d_http1Stats.d_nb200Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"400\"," << addrlabel << "} " << doh->d_http1Stats.d_nb400Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"403\"," << addrlabel << "} " << doh->d_http1Stats.d_nb403Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"500\"," << addrlabel << "} " << doh->d_http1Stats.d_nb500Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"502\"," << addrlabel << "} " << doh->d_http1Stats.d_nb502Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"1\",status=\"other\"," << addrlabel << "} " << doh->d_http1Stats.d_nbOtherResponses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"200\"," << addrlabel << "} " << doh->d_http2Stats.d_nb200Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"400\"," << addrlabel << "} " << doh->d_http2Stats.d_nb400Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"403\"," << addrlabel << "} " << doh->d_http2Stats.d_nb403Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"500\"," << addrlabel << "} " << doh->d_http2Stats.d_nb500Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"502\"," << addrlabel << "} " << doh->d_http2Stats.d_nb502Responses << "\n"; + output << frontsbase << "doh_version_status_responses{httpversion=\"2\",status=\"other\"," << addrlabel << "} " << doh->d_http2Stats.d_nbOtherResponses << "\n"; + } +#endif /* HAVE_DNS_OVER_HTTPS */ + + auto localPools = g_pools.getLocal(); + const string cachebase = "dnsdist_pool_"; + output << "# HELP dnsdist_pool_servers " << "Number of servers in that pool" << "\n"; + output << "# TYPE dnsdist_pool_servers " << "gauge" << "\n"; + output << "# HELP dnsdist_pool_active_servers " << "Number of available servers in that pool" << "\n"; + output << "# TYPE dnsdist_pool_active_servers " << "gauge" << "\n"; + + output << "# HELP dnsdist_pool_cache_size " << "Maximum number of entries that this cache can hold" << "\n"; + output << "# TYPE dnsdist_pool_cache_size " << "gauge" << "\n"; + output << "# HELP dnsdist_pool_cache_entries " << "Number of entries currently present in that cache" << "\n"; + output << "# TYPE dnsdist_pool_cache_entries " << "gauge" << "\n"; + output << "# HELP dnsdist_pool_cache_hits " << "Number of hits from that cache" << "\n"; + output << "# TYPE dnsdist_pool_cache_hits " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_misses " << "Number of misses from that cache" << "\n"; + output << "# TYPE dnsdist_pool_cache_misses " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_deferred_inserts " << "Number of insertions into that cache skipped because it was already locked" << "\n"; + output << "# TYPE dnsdist_pool_cache_deferred_inserts " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_deferred_lookups " << "Number of lookups into that cache skipped because it was already locked" << "\n"; + output << "# TYPE dnsdist_pool_cache_deferred_lookups " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_lookup_collisions " << "Number of lookups into that cache that triggered a collision (same hash but different entry)" << "\n"; + output << "# TYPE dnsdist_pool_cache_lookup_collisions " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_insert_collisions " << "Number of insertions into that cache that triggered a collision (same hash but different entry)" << "\n"; + output << "# TYPE dnsdist_pool_cache_insert_collisions " << "counter" << "\n"; + output << "# HELP dnsdist_pool_cache_ttl_too_shorts " << "Number of insertions into that cache skipped because the TTL of the answer was not long enough" << "\n"; + output << "# TYPE dnsdist_pool_cache_ttl_too_shorts " << "counter" << "\n"; + + for (const auto& entry : *localPools) { + string poolName = entry.first; + + if (poolName.empty()) { + poolName = "_default_"; + } + const string label = "{pool=\"" + poolName + "\"}"; + const std::shared_ptr pool = entry.second; + output << "dnsdist_pool_servers" << label << " " << pool->countServers(false) << "\n"; + output << "dnsdist_pool_active_servers" << label << " " << pool->countServers(true) << "\n"; + + if (pool->packetCache != nullptr) { + const auto& cache = pool->packetCache; + + output << cachebase << "cache_size" <